class.ilAuthSession.php

Go to the documentation of this file.

<?php

declare(strict_types=1);

class ilAuthSession
{
    private const SESSION_AUTH_AUTHENTICATED = '_authsession_authenticated';
    private const SESSION_AUTH_USER_ID = '_authsession_user_id';
    private const SESSION_AUTH_EXPIRED = '_authsession_expired';

    private static ?ilAuthSession $instance = null;

    private ilLogger $logger;

    private string $id = '';
    private int $user_id = 0;
    private bool $expired = false;
    private bool $authenticated = false;

    private function __construct(\ilLogger $logger)
    {
        $this->logger = $logger;
    }

    public static function getInstance(\ilLogger $logger): ilAuthSession
    {
        if (self::$instance) {
            return self::$instance;
        }
        return self::$instance = new self($logger);
    }

    protected function getLogger(): ilLogger
    {
        return $this->logger;
    }

    public function init(): bool
    {
        session_start();

        $this->setId(session_id());

        $user_id = (int) ilSession::get(self::SESSION_AUTH_USER_ID);

        if ($user_id) {
            $this->getLogger()->debug('Resuming old session for user: ' . $user_id);
            $this->setUserId((int) ilSession::get(self::SESSION_AUTH_USER_ID));
            $this->expired = (bool) ilSession::get(self::SESSION_AUTH_EXPIRED);
            $this->authenticated = (bool) ilSession::get(self::SESSION_AUTH_AUTHENTICATED);

            $this->validateExpiration();
        } else {
            $this->getLogger()->debug('Started new session.');
            $this->setUserId(ANONYMOUS_USER_ID);
            $this->expired = false;
            $this->authenticated = false;
        }
        return true;
    }

    public function isValid(): bool
    {
        return !$this->isExpired() && $this->isAuthenticated();
    }

    public function regenerateId(): void
    {
        $old_session_id = session_id();
        session_regenerate_id(true);
        $this->setId(session_id());
        $this->getLogger()->info('Session regenerate id: [' . substr($old_session_id, 0, 5) . '] -> [' . substr($this->getId(), 0, 5) . ']');
    }

    public function logout(): void
    {
        $this->getLogger()->debug('Logout called for: ' . $this->getUserId());
        session_regenerate_id(true);
        session_destroy();

        $this->init();
        $this->setAuthenticated(true, ANONYMOUS_USER_ID);
    }

    public function isAuthenticated(): bool
    {
        return $this->authenticated;
    }

    public function setAuthenticated(bool $a_status, int $a_user_id): void
    {
        $this->authenticated = $a_status;
        $this->user_id = $a_user_id;
        ilSession::set(self::SESSION_AUTH_AUTHENTICATED, $a_status);
        ilSession::set(self::SESSION_AUTH_USER_ID, $a_user_id);
        $this->setExpired(false);
        if ($a_status) {
            $this->regenerateId();
        }
    }

    public function isExpired(): bool
    {
        return $this->expired;
    }

    public function setExpired(bool $a_status): void
    {
        $this->expired = $a_status;
        ilSession::set(self::SESSION_AUTH_EXPIRED, (int) $a_status);
    }

    public function setUserId(int $a_id): void
    {
        $this->user_id = $a_id;
    }

    public function getUserId(): int
    {
        return $this->user_id;
    }

    protected function validateExpiration(): bool
    {
        if ($this->isExpired()) {
            // keep status
            return false;
        }

        if (time() > ilSession::lookupExpireTime($this->getId())) {
            $this->setExpired(true);
            return false;
        }
        return true;
    }

    protected function setId(string $a_id): void
    {
        $this->id = $a_id;
    }

    public function getId(): string
    {
        return $this->id;
    }
}