CAS_CookieJar Class Reference

This class provides access to service cookies and handles parsing of response headers to pull out cookie values. More...

Collaboration diagram for CAS_CookieJar:

Public Member Functions
	__construct (array &$storageArray)
	Create a new cookie jar by passing it a reference to an array in which it should store cookies. More...
	storeCookies ($request_url, $response_headers)
	Store cookies for a web service request. More...
	getCookies ($request_url)
	Retrieve cookies applicable for a web service request. More...

Protected Member Functions
	parseCookieHeaders ( $header, $defaultDomain)
	Parse Cookies without PECL From the comments in http://php.net/manual/en/function.http-parse-cookie.php. More...
	parseCookieHeader ($line, $defaultDomain)
	Parse a single cookie header line. More...
	storeCookie ($cookie)
	Add, update, or remove a cookie. More...
	discardCookie ($cookie)
	Discard an existing cookie. More...
	expireCookies ()
	Go through our stored cookies and remove any that are expired. More...
	cookieMatchesTarget ($cookie, $target)
	Answer true if cookie is applicable to a target. More...

Private Attributes
	$_cookies

Detailed Description

This class provides access to service cookies and handles parsing of response headers to pull out cookie values.

Definition at line 41 of file CookieJar.php.

Constructor & Destructor Documentation

__construct()

CAS_CookieJar::__construct

(

array &

$storageArray

)

Create a new cookie jar by passing it a reference to an array in which it should store cookies.

Parameters

array

&$storageArray

Array to store cookies

Returns

void

Definition at line 54 of file CookieJar.php.

    {
        $this->_cookies =& $storageArray;
    }

Member Function Documentation

cookieMatchesTarget()

CAS_CookieJar::cookieMatchesTarget (   $cookie,   $target  )

protected

Answer true if cookie is applicable to a target.

Parameters

array	$cookie	An array of cookie attributes.
array	$target	An array of URL attributes as generated by parse_url().

Returns

bool

private

Definition at line 317 of file CookieJar.php.

References $target.

Referenced by getCookies(), and storeCookies().

    {
        if (!is_array($target)) {
            throw new CAS_InvalidArgumentException(
                '$target must be an array of URL attributes as generated by parse_url().'
            );
        }
        if (!isset($target['host'])) {
            throw new CAS_InvalidArgumentException(
                '$target must be an array of URL attributes as generated by parse_url().'
            );
        }

        // Verify that the scheme matches
        if ($cookie['secure'] && $target['scheme'] != 'https') {
            return false;
        }

        // Verify that the host matches
        // Match domain and mulit-host cookies
        if (strpos($cookie['domain'], '.') === 0) {
            // .host.domain.edu cookies are valid for host.domain.edu
            if (substr($cookie['domain'], 1) == $target['host']) {
                // continue with other checks
            } else {
                // non-exact host-name matches.
                // check that the target host a.b.c.edu is within .b.c.edu
                $pos = strripos($target['host'], $cookie['domain']);
                if (!$pos) {
                    return false;
                }
                // verify that the cookie domain is the last part of the host.
                if ($pos + strlen($cookie['domain']) != strlen($target['host'])) {
                    return false;
                }
                // verify that the host name does not contain interior dots as per
                // RFC 2965 section 3.3.2  Rejecting Cookies
                // http://www.ietf.org/rfc/rfc2965.txt
                $hostname = substr($target['host'], 0, $pos);
                if (strpos($hostname, '.') !== false) {
                    return false;
                }
            }
        } else {
            // If the cookie host doesn't begin with '.',
            // the host must case-insensitive match exactly
            if (strcasecmp($target['host'], $cookie['domain']) !== 0) {
                return false;
            }
        }

        // Verify that the port matches
        if (isset($cookie['ports'])
            && !in_array($target['port'], $cookie['ports'])
        ) {
            return false;
        }

        // Verify that the path matches
        if (strpos($target['path'], $cookie['path']) !== 0) {
            return false;
        }

        return true;
    }

Here is the caller graph for this function:

discardCookie()

CAS_CookieJar::discardCookie (   $cookie )

protected

Discard an existing cookie.

Parameters

array

$cookie

An cookie

Returns

void

protected

Definition at line 272 of file CookieJar.php.

References $key.

Referenced by storeCookie().

    {
        if (!isset($cookie['domain'])
            || !isset($cookie['path'])
            || !isset($cookie['path'])
        ) {
            throw new CAS_InvalidArgumentException('Invalid Cookie array passed.');
        }

        foreach ($this->_cookies as $key => $old_cookie) {
            if ( $cookie['domain'] == $old_cookie['domain']
                && $cookie['path'] == $old_cookie['path']
                && $cookie['name'] == $old_cookie['name']
            ) {
                unset($this->_cookies[$key]);
            }
        }
    }

Here is the caller graph for this function:

expireCookies()

CAS_CookieJar::expireCookies ( )

protected

Go through our stored cookies and remove any that are expired.

Returns

void

protected

Definition at line 298 of file CookieJar.php.

References $key, and time.

Referenced by getCookies().

    {
        foreach ($this->_cookies as $key => $cookie) {
            if (isset($cookie['expires']) && $cookie['expires'] < time()) {
                unset($this->_cookies[$key]);
            }
        }
    }

Here is the caller graph for this function:

getCookies()

CAS_CookieJar::getCookies

(

$request_url

)

Retrieve cookies applicable for a web service request.

Cookie applicability is based on RFC 2965: http://www.ietf.org/rfc/rfc2965.txt

Parameters

string

$request_url

The url that the cookies will be for.

Returns

array An array containing cookies. E.g. array('name' => 'val');

private

Definition at line 102 of file CookieJar.php.

References $key, $target, array, cookieMatchesTarget(), and expireCookies().

    {
        if (!count($this->_cookies)) {
            return array();
        }

        // If our request URL can't be parsed, no cookies apply.
        $target = parse_url($request_url);
        if ($target === false) {
            return array();
        }

        $this->expireCookies();

        $matching_cookies = array();
        foreach ($this->_cookies as $key => $cookie) {
            if ($this->cookieMatchesTarget($cookie, $target)) {
                $matching_cookies[$cookie['name']] = $cookie['value'];
            }
        }
        return $matching_cookies;
    }

Here is the call graph for this function:

parseCookieHeader()

CAS_CookieJar::parseCookieHeader (   $line,   $defaultDomain  )

protected

Parse a single cookie header line.

Based on RFC2965 http://www.ietf.org/rfc/rfc2965.txt

Parameters

string	$line	The header line.
string	$defaultDomain	The domain to use if none is specified in the cookie.

Returns

array

Definition at line 161 of file CookieJar.php.

References array, time, and phpCAS\trace().

Referenced by parseCookieHeaders().

    {
        if (!$defaultDomain) {
            throw new CAS_InvalidArgumentException(
                '$defaultDomain was not provided.'
            );
        }

        // Set our default values
        $cookie = array(
            'domain' => $defaultDomain,
            'path' => '/',
            'secure' => false,
        );

        $line = preg_replace('/^Set-Cookie2?: /i', '', trim($line));

        // trim any trailing semicolons.
        $line = trim($line, ';');

        phpCAS::trace("Cookie Line: $line");

        // This implementation makes the assumption that semicolons will not
        // be present in quoted attribute values. While attribute values that
        // contain semicolons are allowed by RFC2965, they are hopefully rare
        // enough to ignore for our purposes. Most browsers make the same
        // assumption.
        $attributeStrings = explode(';', $line);

        foreach ( $attributeStrings as $attributeString ) {
            // split on the first equals sign and use the rest as value
            $attributeParts = explode('=', $attributeString, 2);

            $attributeName = trim($attributeParts[0]);
            $attributeNameLC = strtolower($attributeName);

            if (isset($attributeParts[1])) {
                $attributeValue = trim($attributeParts[1]);
                // Values may be quoted strings.
                if (strpos($attributeValue, '"') === 0) {
                    $attributeValue = trim($attributeValue, '"');
                    // unescape any escaped quotes:
                    $attributeValue = str_replace('\"', '"', $attributeValue);
                }
            } else {
                $attributeValue = null;
            }

            switch ($attributeNameLC) {
            case 'expires':
                $cookie['expires'] = strtotime($attributeValue);
                break;
            case 'max-age':
                $cookie['max-age'] = (int)$attributeValue;
                // Set an expiry time based on the max-age
                if ($cookie['max-age']) {
                    $cookie['expires'] = time() + $cookie['max-age'];
                } else {
                    // If max-age is zero, then the cookie should be removed
                    // imediately so set an expiry before now.
                    $cookie['expires'] = time() - 1;
                }
                break;
            case 'secure':
                $cookie['secure'] = true;
                break;
            case 'domain':
            case 'path':
            case 'port':
            case 'version':
            case 'comment':
            case 'commenturl':
            case 'discard':
            case 'httponly':
                $cookie[$attributeNameLC] = $attributeValue;
                break;
            default:
                $cookie['name'] = $attributeName;
                $cookie['value'] = $attributeValue;
            }
        }

        return $cookie;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

parseCookieHeaders()

CAS_CookieJar::parseCookieHeaders (   $header,   $defaultDomain  )

protected

Parse Cookies without PECL From the comments in http://php.net/manual/en/function.http-parse-cookie.php.

Parameters

array	$header	array of header lines.
string	$defaultDomain	The domain to use if none is specified in the cookie.

Returns

array of cookies

Definition at line 136 of file CookieJar.php.

References $header, array, parseCookieHeader(), phpCAS\traceBegin(), and phpCAS\traceEnd().

Referenced by storeCookies().

    {
        phpCAS::traceBegin();
        $cookies = array();
        foreach ( $header as $line ) {
            if ( preg_match('/^Set-Cookie2?: /i', $line)) {
                $cookies[] = $this->parseCookieHeader($line, $defaultDomain);
            }
        }

        phpCAS::traceEnd($cookies);
        return $cookies;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

storeCookie()

CAS_CookieJar::storeCookie (   $cookie )

protected

Add, update, or remove a cookie.

Parameters

array

$cookie

A cookie array as created by parseCookieHeaders()

Returns

void

protected

Definition at line 255 of file CookieJar.php.

References discardCookie().

Referenced by storeCookies().

    {
        // Discard any old versions of this cookie.
        $this->discardCookie($cookie);
        $this->_cookies[] = $cookie;

    }

Here is the call graph for this function:

Here is the caller graph for this function:

storeCookies()

CAS_CookieJar::storeCookies	(		$request_url,
			$response_headers
	)

Store cookies for a web service request.

Cookie storage is based on RFC 2965: http://www.ietf.org/rfc/rfc2965.txt

Parameters

string	$request_url	The URL that generated the response headers.
array	$response_headers	An array of the HTTP response header strings.

Returns

void

private

Definition at line 70 of file CookieJar.php.

References cookieMatchesTarget(), parseCookieHeaders(), storeCookie(), and phpCAS\trace().

    {
        $urlParts = parse_url($request_url);
        $defaultDomain = $urlParts['host'];

        $cookies = $this->parseCookieHeaders($response_headers, $defaultDomain);

        // var_dump($cookies);
        foreach ($cookies as $cookie) {
            // Enforce the same-origin policy by verifying that the cookie
            // would match the url that is setting it
            if (!$this->cookieMatchesTarget($cookie, $urlParts)) {
                continue;
            }

            // store the cookie
            $this->storeCookie($cookie);

            phpCAS::trace($cookie['name'].' -> '.$cookie['value']);
        }
    }

Here is the call graph for this function:

Field Documentation

$_cookies

CAS_CookieJar::$_cookies

private

Definition at line 44 of file CookieJar.php.

---

The documentation for this class was generated from the following file:

• Services/CAS/lib/CAS/CookieJar.php