38        'session_max_idle_after_first_request',
 
   39        'session_allow_client_maintenance',
 
   40        'session_handling_type' 
   60        self::SESSION_TYPE_USER,
 
   61        self::SESSION_TYPE_ANONYM
 
   71        self::SESSION_TYPE_UNKNOWN,
 
   72        self::SESSION_TYPE_SYSTEM,
 
   73        self::SESSION_TYPE_ADMIN
 
   90        if (
$ilSetting->get(
'session_handling_type', 0) != 1) {
 
  106            if (!isset(
$_COOKIE[session_name()]) || !strlen(
$_COOKIE[session_name()])) {
 
  111                self::debug(
'Browser sent sid cookie with value (' . $sid . 
')');
 
  114                    self::debug(
'remove session cookie for (' . $sid . 
') and trigger event');
 
  121                    global $ilAppEventHandler;
 
  122                    $ilAppEventHandler->raise(
 
  123                        'Services/Authentication',
 
  124                        'expiredSessionDetected',
 
  143        if (
$ilSetting->get(
'session_handling_type', 0) != 1) {
 
  164        require_once 
'Services/User/classes/class.ilObjUser.php';
 
  170            case isset($_ENV[
'SHELL']):
 
  174            case $user_id == ANONYMOUS_USER_ID:
 
  191        if (
$ilSetting->get(
'session_handling_type', 0) != 1) {
 
  195        if (in_array(
$type, self::$session_types_controlled)) {
 
  208        if (
$ilSetting->get(
'session_handling_type', 0) != 1) {
 
  234        $max_sessions = (int) 
$ilSetting->get(
'session_max_count', self::DEFAULT_MAX_COUNT);
 
  236        if ($max_sessions > 0) {
 
  240            self::debug(__METHOD__ . 
"--> total existing sessions (" . $num_sessions . 
")");
 
  242            if (($num_sessions + 1) > $max_sessions) {
 
  243                self::debug(__METHOD__ . 
' --> limit for session pool reached, but try kicking some first request abidencer');
 
  250                if (($num_sessions + 1) > $max_sessions) {
 
  251                    self::debug(__METHOD__ . 
' --> limit for session pool still reached so try kick one min idle session');
 
  258                    if (($num_sessions + 1) > $max_sessions) {
 
  259                        self::debug(__METHOD__ . 
' --> limit for session pool still reached so logout session (' . session_id() . 
') and trigger event');
 
  275                        global $ilAppEventHandler;
 
  276                        $ilAppEventHandler->raise(
 
  277                            'Services/Authentication',
 
  278                            'reachedSessionPoolLimit',
 
  288                        self::debug(__METHOD__ . 
' --> limit of session pool not reached anymore after kicking one min idle session');
 
  291                    self::debug(__METHOD__ . 
' --> limit of session pool not reached anymore after kicking some first request abidencer');
 
  294                self::debug(__METHOD__ . 
' --> limit for session pool not reached yet');
 
  297            self::debug(__METHOD__ . 
' --> limit for session pool not set so check is bypassed');
 
  314        $query = 
"SELECT count(session_id) AS num_sessions FROM usr_session " .
 
  315                    "WHERE expires > %s " .
 
  316                    "AND " . 
$ilDB->in(
'type', $a_types, 
false, 
'integer');
 
  321        return $row->num_sessions;
 
  339        $min_idle = (int) 
$ilSetting->get(
'session_min_idle', self::DEFAULT_MIN_IDLE) * 60;
 
  340        $max_idle = (int) 
$ilSetting->get(
'session_max_idle', self::DEFAULT_MAX_IDLE) * 60;
 
  342        $query = 
"SELECT session_id,expires FROM usr_session WHERE expires >= %s " .
 
  343                "AND (expires - %s) < (%s - %s) " .
 
  344                "AND " . 
$ilDB->in(
'type', $a_types, 
false, 
'integer') . 
" ORDER BY expires";
 
  348            array(
'integer', 
'integer', 
'integer', 
'integer'),
 
  349            array($ts, $ts, $max_idle, $min_idle)
 
  355            self::debug(__METHOD__ . 
' --> successfully deleted one min idle session');
 
  360        self::debug(__METHOD__ . 
' --> no min idle session available for deletion');
 
  377        $max_idle_after_first_request = (int) 
$ilSetting->get(
'session_max_idle_after_first_request') * 60;
 
  379        if ((
int) $max_idle_after_first_request == 0) {
 
  383        $query = 
"SELECT session_id,expires FROM usr_session WHERE " .
 
  384                "(ctime - createtime) < %s " .
 
  385                "AND (%s - createtime) > %s " .
 
  386                "AND " . 
$ilDB->in(
'type', $a_types, 
false, 
'integer');
 
  390            array(
'integer', 
'integer', 
'integer'),
 
  391            array($max_idle_after_first_request, time(), $max_idle_after_first_request)
 
  394        $session_ids = array();
 
  396            $session_ids[
$row->session_id] = 
$row->expires;
 
  400        self::debug(__METHOD__ . 
' --> Finished kicking first request abidencer');
 
  416        $query = 
"SELECT session_id, expires FROM usr_session " .
 
  417                    "WHERE session_id = %s";
 
  426            if (
$row[
'expires'] > $ts) {
 
  427                self::debug(__METHOD__ . 
' --> Found a valid session with id (' . $a_sid . 
')');
 
  430                self::debug(__METHOD__ . 
' --> Found an expired session with id (' . $a_sid . 
')');
 
  434        if (count($sessions) == 1) {
 
  435            self::debug(__METHOD__ . 
' --> Exact one valid session found for session id (' . $a_sid . 
')');
 
  439            if (count($sessions) > 1) {
 
  440                self::debug(__METHOD__ . 
' --> Strange!!! More than one sessions found for given session id! (' . $a_sid . 
')');
 
  442                self::debug(__METHOD__ . 
' --> No valid session found for session id (' . $a_sid . 
')');
 
  468        if (!(
int) $a_user_id) {
 
  474        $access = $rbacsystem->checkAccessOfUser(
 
  489    private static function debug($a_debug_log_message)
 
  494            $ilLog->write($a_debug_log_message, 
'message');
 
  497        if (self::INTERNAL_DEBUG) {
 
  498            error_log($a_debug_log_message . 
"\n", 3, 
'session.log');
 
An exception for terminatinating execution or to throw for unit testing.
isValidSession($ext_uid, $soap_pw, $new_user)
isValidSession
static _lookupId($a_user_str)
Lookup id by login.
const INTERNAL_DEBUG
this controls the debuggin into a separate logfile (.
static handleLogoutEvent()
reset sessions type to unknown
static isValidSession($a_sid)
checks if session exists for given id and if it is still valid
static $session_types_not_controlled
all session types that will be involved when count of sessions will be determined or when idleing ses...
static initSession()
mark session with type regarding to the context.
static $setting_fields
all fieldnames that are saved in settings table
static $session_types_controlled
const SESSION_TYPE_UNKNOWN
session types from which one is assigned to each session
static getSettingFields()
returns the array of setting fields
static handleLoginEvent($a_login, ilAuthSession $auth_session)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
const DEFAULT_MAX_IDLE_AFTER_FIRST_REQUEST
static checkExpiredSession()
checks for possibly expired session should be called from ilAuthUtils::__initAuth() so it's called be...
static debug($a_debug_log_message)
logs the given debug message in ilLog
static getExistingSessionCount(array $a_types)
returns number of valid sessions relating to given session types
const DEFAULT_ALLOW_CLIENT_MAINTENANCE
static checkCurrentSessionIsAllowed(ilAuthSession $auth, $a_user_id)
checks wether the current session exhaust the limit of sessions when limit is reached it deletes "fir...
static removeSessionCookie()
removes a session cookie, so it is not sent by browser anymore
const DEFAULT_MAX_COUNT
default value for settings that have not been defined in setup or administration yet
static checkAdministrationPermission($a_user_id)
checks wether a given user login relates to an user with administrative permissions
static kickOneMinIdleSession(array $a_types)
if sessions exist that relates to given session types and idled longer than min idle parameter,...
const SESSION_TYPE_ANONYM
const SESSION_TYPE_SYSTEM
static kickFirstRequestAbidencer(array $a_types)
kicks sessions of users that abidence after login so people could not login and go for coffe break ;-...
static createRawEntry($a_session_id, $a_session_type, $a_timestamp, $a_user_id)
Create raw data entry.
static setClosingContext($a_context)
set closing context (for statistics)
static _destroy($a_session_id, $a_closing_context=null, $a_expired_at=null)
Destroy session.
const SESSION_CLOSE_FIRST
const SESSION_CLOSE_LIMIT
static setCookie($a_cookie_name, $a_cookie_value='', $a_also_set_super_global=true, $a_set_cookie_invalid=false)
static redirect($a_script)
foreach($_POST as $key=> $value) $res