ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilSessionControl.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 
11 class ilSessionControl
12 {
17  const INTERNAL_DEBUG = false;
18 
23  const DEFAULT_MAX_COUNT = 0;
24  const DEFAULT_MIN_IDLE = 15;
25  const DEFAULT_MAX_IDLE = 30;
26  const DEFAULT_MAX_IDLE_AFTER_FIRST_REQUEST = 1;
27  const DEFAULT_ALLOW_CLIENT_MAINTENANCE = 1;
28 
34  private static $setting_fields = array(
35  'session_max_count',
36  'session_min_idle',
37  'session_max_idle',
38  'session_max_idle_after_first_request',
39  'session_allow_client_maintenance',
40  'session_handling_type'
41  );
42 
47  const SESSION_TYPE_UNKNOWN = 0;
48  const SESSION_TYPE_SYSTEM = 1;
49  const SESSION_TYPE_ADMIN = 2;
50  const SESSION_TYPE_USER = 3;
51  const SESSION_TYPE_ANONYM = 4;
52 
59  public static $session_types_controlled = array(
60  self::SESSION_TYPE_USER,
61  self::SESSION_TYPE_ANONYM
62  );
63 
70  private static $session_types_not_controlled = array(
71  self::SESSION_TYPE_UNKNOWN,
72  self::SESSION_TYPE_SYSTEM,
73  self::SESSION_TYPE_ADMIN
74  );
75 
85  public static function checkExpiredSession()
86  {
87  global $ilSetting;
88 
89  // do not check session in fixed duration mode
90  if( $ilSetting->get('session_handling_type', 0) != 1 )
91  return;
92 
93  // check for expired sessions makes sense
94  // only when public section is not enabled
95  // because it is not possible to determine
96  // wether the sid cookie relates to a session of an
97  // authenticated user or a anonymous user
98  // when the session dataset has allready been deleted
99 
100  if(!$ilSetting->get("pub_section"))
101  {
102  global $lng;
103 
104  $sid = null;
105 
106  if( !isset($_COOKIE[session_name()]) || !strlen($_COOKIE[session_name()]) )
107  {
108  self::debug('Browser did not send a sid cookie');
109  }
110  else
111  {
112  $sid = $_COOKIE[session_name()];
113 
114  self::debug('Browser sent sid cookie with value ('.$sid.')');
115 
116  if(!self::isValidSession($sid))
117  {
118  self::debug('remove session cookie for ('.$sid.') and trigger event');
119 
120  // raw data will be updated (later) with garbage collection [destroyExpired()]
121 
122  self::removeSessionCookie();
123 
124  // Trigger expiredSessionDetected Event
125  global $ilAppEventHandler;
126  $ilAppEventHandler->raise(
127  'Services/Authentication', 'expiredSessionDetected', array()
128  );
129 
130  ilUtil::redirect('login.php?expired=true'.'&target='.$_GET['target']);
131  }
132  }
133  }
134  }
135 
140  public static function initSession()
141  {
142  global $ilSetting;
143 
144  // do not init session type in fixed duration mode
145  if( $ilSetting->get('session_handling_type', 0) != 1 )
146  return;
147 
148  if( !isset($_SESSION['SessionType']) )
149  {
150  $_SESSION['SessionType'] = self::SESSION_TYPE_UNKNOWN;
151  self::debug(__METHOD__." --> init session with type (".$_SESSION['SessionType'].")");
152  }
153  else
154  {
155  self::debug(__METHOD__." --> keep sessions type on (".$_SESSION['SessionType'].")");
156  }
157  }
158 
164  public static function handleLoginEvent($a_login, ilAuthSession $auth_session)
165  {
166  global $ilSetting;
167 
168  require_once 'Services/User/classes/class.ilObjUser.php';
169  $user_id = ilObjUser::_lookupId($a_login);
170 
171  // we need the session type for the session statistics
172  // regardless of the current session handling type
173  switch(true)
174  {
175  case isset($_ENV['SHELL']):
176  $type = self::SESSION_TYPE_SYSTEM;
177  break;
178 
179  case $user_id == ANONYMOUS_USER_ID:
180  $type = self::SESSION_TYPE_ANONYM;
181  break;
182 
183  case self::checkAdministrationPermission($user_id):
184  $type = self::SESSION_TYPE_ADMIN;
185  break;
186 
187  default:
188  $type = self::SESSION_TYPE_USER;
189  break;
190  }
191 
192  $_SESSION['SessionType'] = $type;
193  self::debug(__METHOD__." --> update sessions type to (".$type.")");
194 
195  // do not handle login event in fixed duration mode
196  if( $ilSetting->get('session_handling_type', 0) != 1 )
197  return true;
198 
199  if(in_array($type, self::$session_types_controlled))
200  {
201  return self::checkCurrentSessionIsAllowed($auth_session, $user_id);
202  }
203  }
204 
208  public static function handleLogoutEvent()
209  {
210  global $ilSetting;
211 
212  // do not handle logout event in fixed duration mode
213  if( $ilSetting->get('session_handling_type', 0) != 1 )
214  return;
215 
216  $_SESSION['SessionType'] = self::SESSION_TYPE_UNKNOWN;
217  self::debug(__METHOD__." --> reset sessions type to (".$_SESSION['SessionType'].")");
218 
219  // session_destroy() is called in auth, so raw data will be updated
220 
221  self::removeSessionCookie();
222  }
223 
234  private static function checkCurrentSessionIsAllowed(ilAuthSession $auth, $a_user_id)
235  {
236  global $ilSetting;
237 
238  $max_sessions = (int)$ilSetting->get('session_max_count', self::DEFAULT_MAX_COUNT);
239 
240  if($max_sessions > 0)
241  {
242  // get total number of sessions
243  $num_sessions = self::getExistingSessionCount(self::$session_types_controlled);
244 
245  self::debug(__METHOD__."--> total existing sessions (".$num_sessions.")");
246 
247  if(($num_sessions + 1) > $max_sessions)
248  {
249  self::debug(__METHOD__.' --> limit for session pool reached, but try kicking some first request abidencer');
250 
251  self::kickFirstRequestAbidencer(self::$session_types_controlled);
252 
253  // get total number of sessions again
254  $num_sessions = self::getExistingSessionCount(self::$session_types_controlled);
255 
256  if(($num_sessions + 1) > $max_sessions)
257  {
258  self::debug(__METHOD__.' --> limit for session pool still reached so try kick one min idle session');
259 
260  self::kickOneMinIdleSession(self::$session_types_controlled);
261 
262  // get total number of sessions again
263  $num_sessions = self::getExistingSessionCount(self::$session_types_controlled);
264 
265  if(($num_sessions + 1) > $max_sessions)
266  {
267  self::debug(__METHOD__.' --> limit for session pool still reached so logout session ('.session_id().') and trigger event');
268 
269  ilSession::setClosingContext(ilSession::SESSION_CLOSE_LIMIT);
270 
271  // as the session is opened and closed in one request, there
272  // is no proper session yet and we have to do this ourselves
273  ilSessionStatistics::createRawEntry(session_id(), $_SESSION['SessionType'],
274  time(), $a_user_id);
275 
276  $auth->logout();
277 
278  // Trigger reachedSessionPoolLimit Event
279  global $ilAppEventHandler;
280  $ilAppEventHandler->raise(
281  'Services/Authentication', 'reachedSessionPoolLimit', array()
282  );
283 
284  // auth won't do this, we need to close session properly
285  // already done in new implementation
286  // session_destroy();
287 
288  ilUtil::redirect('login.php?reached_session_limit=true');
289  }
290  else
291  {
292  self::debug(__METHOD__.' --> limit of session pool not reached anymore after kicking one min idle session');
293  }
294  }
295  else
296  {
297  self::debug(__METHOD__.' --> limit of session pool not reached anymore after kicking some first request abidencer');
298  }
299  }
300  else
301  {
302  self::debug(__METHOD__.' --> limit for session pool not reached yet');
303  }
304  }
305  else
306  {
307  self::debug(__METHOD__.' --> limit for session pool not set so check is bypassed');
308  }
309  }
310 
318  public static function getExistingSessionCount(array $a_types)
319  {
320  global $ilDB;
321 
322  $ts = time();
323 
324  $query = "SELECT count(session_id) AS num_sessions FROM usr_session ".
325  "WHERE expires > %s ".
326  "AND ".$ilDB->in('type', $a_types, false, 'integer');
327 
328  $res = $ilDB->queryF($query, array('integer'), array($ts));
329  $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
330 
331  return $row->num_sessions;
332  }
333 
344  private static function kickOneMinIdleSession(array $a_types)
345  {
346  global $ilDB, $ilSetting;
347 
348  $ts = time();
349  $min_idle = (int)$ilSetting->get('session_min_idle', self::DEFAULT_MIN_IDLE) * 60;
350  $max_idle = (int)$ilSetting->get('session_max_idle', self::DEFAULT_MAX_IDLE) * 60;
351 
352  $query = "SELECT session_id,expires FROM usr_session WHERE expires >= %s " .
353  "AND (expires - %s) < (%s - %s) " .
354  "AND ".$ilDB->in('type', $a_types, false, 'integer') . " ORDER BY expires";
355 
356  $res = $ilDB->queryF(
357  $query,
358  array('integer', 'integer', 'integer', 'integer'),
359  array($ts, $ts, $max_idle, $min_idle)
360  );
361 
362  while( $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT) )
363  {
364  ilSession::_destroy($row->session_id, ilSession::SESSION_CLOSE_IDLE, $row->expires);
365 
366  self::debug(__METHOD__.' --> successfully deleted one min idle session');
367 
368  return true;
369  }
370 
371  self::debug(__METHOD__.' --> no min idle session available for deletion');
372 
373  return false;
374  }
375 
384  private static function kickFirstRequestAbidencer(array $a_types)
385  {
386  global $ilDB, $ilSetting;
387 
388  $max_idle_after_first_request = (int)$ilSetting->get('session_max_idle_after_first_request') * 60;
389 
390  if((int)$max_idle_after_first_request == 0) return;
391 
392  $query = "SELECT session_id,expires FROM usr_session WHERE " .
393  "(ctime - createtime) < %s " .
394  "AND (%s - createtime) > %s " .
395  "AND ".$ilDB->in('type', $a_types, false, 'integer');
396 
397  $res = $ilDB->queryF( $query,
398  array('integer', 'integer', 'integer'),
399  array($max_idle_after_first_request, time(), $max_idle_after_first_request)
400  );
401 
402  $session_ids = array();
403  while( $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT) )
404  {
405  $session_ids[$row->session_id] = $row->expires;
406  }
407  ilSession::_destroy($session_ids, ilSession::SESSION_CLOSE_FIRST, true);
408 
409  self::debug(__METHOD__.' --> Finished kicking first request abidencer');
410  }
411 
421  private static function isValidSession($a_sid)
422  {
423  global $ilDB, $ilSetting;
424 
425  $query = "SELECT session_id, expires FROM usr_session ".
426  "WHERE session_id = %s";
427 
428  $res = $ilDB->queryF($query, array('text'), array($a_sid));
429 
430  $ts = time();
431 
432  $sessions = array();
433 
434  while( $row = $ilDB->fetchAssoc($res) )
435  {
436  if( $row['expires'] > $ts )
437  {
438  self::debug(__METHOD__.' --> Found a valid session with id ('.$a_sid.')');
439  $sessions[] = $row;
440  }
441  else
442  {
443  self::debug(__METHOD__.' --> Found an expired session with id ('.$a_sid.')');
444  }
445  }
446 
447  if(count($sessions) == 1)
448  {
449  self::debug(__METHOD__.' --> Exact one valid session found for session id ('.$a_sid.')');
450 
451  return true;
452  }
453  else
454  {
455  if(count($sessions) > 1)
456  self::debug(__METHOD__.' --> Strange!!! More than one sessions found for given session id! ('.$a_sid.')');
457  else self::debug(__METHOD__.' --> No valid session found for session id ('.$a_sid.')');
458 
459  return false;
460  }
461  }
462 
466  private static function removeSessionCookie()
467  {
468  ilUtil::setCookie(session_name(),'deleted',true,true);
469  self::debug('Session cookie has been removed');
470  }
471 
480  private static function checkAdministrationPermission($a_user_id)
481  {
482  if( !(int)$a_user_id ) return false;
483 
484  global $rbacsystem;
485 
486  $access = $rbacsystem->checkAccessOfUser(
487  $a_user_id, 'read,visible', SYSTEM_FOLDER_ID
488  );
489 
490  return $access;
491  }
492 
499  private static function debug($a_debug_log_message)
500  {
501  global $ilLog;
502 
503  if(DEVMODE) $ilLog->write($a_debug_log_message, 'message');
504 
505  if(self::INTERNAL_DEBUG) error_log($a_debug_log_message."\n", 3, 'session.log');
506  }
507 
513  public static function getSettingFields()
514  {
515  return self::$setting_fields;
516  }
517 
518 }
519 
520 
521 ?>
ilSession\SESSION_CLOSE_IDLE
const SESSION_CLOSE_IDLE
Definition: class.ilSession.php:43
ilSessionControl\DEFAULT_MAX_COUNT
const DEFAULT_MAX_COUNT
default value for settings that have not been defined in setup or administration yet ...
Definition: class.ilSessionControl.php:23
ilSession\_destroy
static _destroy($a_session_id, $a_closing_context=null, $a_expired_at=null)
Destroy session.
Definition: class.ilSession.php:200
ilSessionControl\$setting_fields
static $setting_fields
all fieldnames that are saved in settings table
Definition: class.ilSessionControl.php:34
ilAuthSession\logout
logout()
Logout user => stop session.
Definition: class.ilAuthSession.php:111
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
ilSessionControl\removeSessionCookie
static removeSessionCookie()
removes a session cookie, so it is not sent by browser anymore
Definition: class.ilSessionControl.php:466
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:787
ilSessionControl\isValidSession
static isValidSession($a_sid)
checks if session exists for given id and if it is still valid
Definition: class.ilSessionControl.php:421
ilSessionControl\getSettingFields
static getSettingFields()
returns the array of setting fields
Definition: class.ilSessionControl.php:513
ilSessionControl\INTERNAL_DEBUG
const INTERNAL_DEBUG
this controls the debuggin into a separate logfile (.
Definition: class.ilSessionControl.php:17
ilUtil\setCookie
static setCookie($a_cookie_name, $a_cookie_value='', $a_also_set_super_global=true, $a_set_cookie_invalid=false)
Definition: class.ilUtil.php:4895
ilSessionControl\checkAdministrationPermission
static checkAdministrationPermission($a_user_id)
checks wether a given user login relates to an user with administrative permissions ...
Definition: class.ilSessionControl.php:480
ilSessionControl\checkExpiredSession
static checkExpiredSession()
checks for possibly expired session should be called from ilAuthUtils::__initAuth() so it&#39;s called be...
Definition: class.ilSessionControl.php:85
ilSessionStatistics\createRawEntry
static createRawEntry($a_session_id, $a_session_type, $a_timestamp, $a_user_id)
Create raw data entry.
Definition: class.ilSessionStatistics.php:40
$ilLog
$ilLog
Definition: inc.setup_header.php:130
ilSession\SESSION_CLOSE_LIMIT
const SESSION_CLOSE_LIMIT
Definition: class.ilSession.php:44
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilSessionControl\initSession
static initSession()
mark session with type regarding to the context.
Definition: class.ilSessionControl.php:140
ilSessionControl\getExistingSessionCount
static getExistingSessionCount(array $a_types)
returns number of valid sessions relating to given session types
Definition: class.ilSessionControl.php:318
ilSessionControl\debug
static debug($a_debug_log_message)
logs the given debug message in ilLog
Definition: class.ilSessionControl.php:499
ilSession\setClosingContext
static setClosingContext($a_context)
set closing context (for statistics)
Definition: class.ilSession.php:433
ilSessionControl\$session_types_not_controlled
static $session_types_not_controlled
all session types that will be involved when count of sessions will be determined or when idleing ses...
Definition: class.ilSessionControl.php:70
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$lng
global $lng
Definition: privfeed.php:17
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
$_COOKIE
$_COOKIE['ilClientId']
Definition: BPMN2Parser.php:15
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39
ilSessionControl\handleLogoutEvent
static handleLogoutEvent()
reset sessions type to unknown
Definition: class.ilSessionControl.php:208
ilSessionControl\handleLoginEvent
static handleLoginEvent($a_login, ilAuthSession $auth_session)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
Definition: class.ilSessionControl.php:164
ilUtil\redirect
static redirect($a_script)
http redirect to other script
Definition: class.ilUtil.php:3567
ilSessionControl\kickFirstRequestAbidencer
static kickFirstRequestAbidencer(array $a_types)
kicks sessions of users that abidence after login so people could not login and go for coffe break ;-...
Definition: class.ilSessionControl.php:384
ilSession\SESSION_CLOSE_FIRST
const SESSION_CLOSE_FIRST
Definition: class.ilSession.php:42
ilSessionControl\kickOneMinIdleSession
static kickOneMinIdleSession(array $a_types)
if sessions exist that relates to given session types and idled longer than min idle parameter...
Definition: class.ilSessionControl.php:344
ilSessionControl\checkCurrentSessionIsAllowed
static checkCurrentSessionIsAllowed(ilAuthSession $auth, $a_user_id)
checks wether the current session exhaust the limit of sessions when limit is reached it deletes "fir...
Definition: class.ilSessionControl.php:234
ilSessionControl\SESSION_TYPE_UNKNOWN
const SESSION_TYPE_UNKNOWN
session types from which one is assigned to each session
Definition: class.ilSessionControl.php:47
isValidSession
isValidSession($ext_uid, $soap_pw, $new_user)
isValidSession
Definition: class.ilSoapDummyAuthServer.php:39