ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilSession.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
26 class ilSession
27 {
35  public const SESSION_HANDLING_FIXED = 0;
36 
44  public const SESSION_HANDLING_LOAD_DEPENDENT = 1;
45 
51  public const SESSION_CLOSE_USER = 1; // manual logout
52  public const SESSION_CLOSE_EXPIRE = 2; // has expired
53  public const SESSION_CLOSE_FIRST = 3; // kicked by session control (first abidencer)
54  public const SESSION_CLOSE_IDLE = 4; // kickey by session control (ilde time)
55  public const SESSION_CLOSE_LIMIT = 5; // kicked by session control (limit reached)
56  public const SESSION_CLOSE_LOGIN = 6; // anonymous => login
57  public const SESSION_CLOSE_PUBLIC = 7; // => anonymous
58  public const SESSION_CLOSE_TIME = 8; // account time limit reached
59  public const SESSION_CLOSE_IP = 9; // wrong ip
60  public const SESSION_CLOSE_SIMUL = 10; // simultaneous login
61  public const SESSION_CLOSE_INACTIVE = 11; // inactive account
62 
63  private static ?int $closing_context = null;
64 
65  protected static bool $enable_web_access_without_session = false;
66 
76  public static function _getData(string $a_session_id): string
77  {
78  if (!$a_session_id) {
79  // fix for php #70520
80  return '';
81  }
82  global $DIC;
83 
84  $ilDB = $DIC['ilDB'];
85 
86  $q = "SELECT data FROM usr_session WHERE session_id = " .
87  $ilDB->quote($a_session_id, "text");
88  $set = $ilDB->query($q);
89  $rec = $ilDB->fetchAssoc($set);
90  if (!is_array($rec)) {
91  return '';
92  }
93 
94  // fix for php #70520
95  return (string) $rec["data"];
96  }
97 
103  public static function lookupExpireTime(string $a_session_id): int
104  {
105  global $DIC;
106 
107  $ilDB = $DIC['ilDB'];
108 
109  $query = 'SELECT expires FROM usr_session WHERE session_id = ' .
110  $ilDB->quote($a_session_id, 'text');
111  $res = $ilDB->query($query);
112  if ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
113  return (int) $row->expires;
114  }
115  return 0;
116  }
117 
118  public static function _writeData(string $a_session_id, string $a_data): bool
119  {
120  global $DIC;
121 
123  $ilDB = $DIC['ilDB'];
125  $ilClientIniFile = $DIC['ilClientIniFile'];
126 
127  if (self::isWebAccessWithoutSessionEnabled()) {
128  // Prevent session data written for web access checker
129  // when no cookie was sent (e.g. for pdf files linking others).
130  // This would result in new session records for each request.
131  return true;
132  }
133 
134  if (!$a_session_id) {
135  return true;
136  }
137 
138  $now = time();
139 
140  // prepare session data
141  $fields = [
142  'user_id' => [ilDBConstants::T_INTEGER, (int) (self::get('_authsession_user_id') ?? 0)],
143  'expires' => [ilDBConstants::T_INTEGER, self::getExpireValue()],
144  'data' => [ilDBConstants::T_CLOB, $a_data],
145  'ctime' => [ilDBConstants::T_INTEGER, $now],
146  'type' => [ilDBConstants::T_INTEGER, (int) (self::get('SessionType') ?? 0)]
147  ];
148  if ($ilClientIniFile->readVariable('session', 'save_ip')) {
149  $fields['remote_addr'] = [ilDBConstants::T_TEXT, $_SERVER['REMOTE_ADDR'] ?? ''];
150  }
151 
152  if (self::_exists($a_session_id)) {
153  // note that we do this only when inserting the new record
154  // updating may get us other contexts for the same session, especially ilContextWAC, which we do not want
155  if (class_exists('ilContext') && ilContext::isSessionMainContext()) {
156  $fields['context'] = [ilDBConstants::T_TEXT, ilContext::getType()];
157  }
158  $ilDB->update(
159  'usr_session',
160  $fields,
161  ['session_id' => [ilDBConstants::T_TEXT, $a_session_id]]
162  );
163  } else {
164  $fields['session_id'] = [ilDBConstants::T_TEXT, $a_session_id];
165  $fields['createtime'] = [ilDBConstants::T_INTEGER, $now];
166 
167  // note that we do this only when inserting the new record
168  // updating may get us other contexts for the same session, especially ilContextWAC, which we do not want
169  if (class_exists('ilContext')) {
170  $fields['context'] = [ilDBConstants::T_TEXT, ilContext::getType()];
171  }
172 
173  $insert_fields = implode(', ', array_keys($fields));
174  $insert_values = implode(
175  ', ',
176  array_map(
177  static fn (string $type, $value): string => $ilDB->quote($value, $type),
178  array_column($fields, 0),
179  array_column($fields, 1)
180  )
181  );
182 
183  $update_fields = array_filter(
184  $fields,
185  static fn (string $field): bool => !in_array($field, ['session_id', 'user_id', 'createtime'], true),
186  ARRAY_FILTER_USE_KEY
187  );
188  $update_values = implode(
189  ', ',
190  array_map(
191  static fn (string $field, string $type, $value): string => $field . ' = ' . $ilDB->quote(
192  $value,
193  $type
194  ),
195  array_keys($update_fields),
196  array_column($update_fields, 0),
197  array_column($update_fields, 1)
198  )
199  );
200 
201  $ilDB->manipulate(
202  'INSERT INTO usr_session (' . $insert_fields . ') '
203  . 'VALUES (' . $insert_values . ') '
204  . 'ON DUPLICATE KEY UPDATE ' . $update_values
205  );
206 
207  // check type against session control
208  $type = (int) $fields['type'][1];
209  if (in_array($type, ilSessionControl::$session_types_controlled, true)) {
210  ilSessionStatistics::createRawEntry(
211  $fields['session_id'][1],
212  $type,
213  $fields['createtime'][1],
214  $fields['user_id'][1]
215  );
216  }
217  }
218 
219  // finally delete deprecated sessions
220  $random = new ilRandom();
221  if ($random->int(0, 50) === 2) {
222  // get time _before_ destroying expired sessions
223  self::_destroyExpiredSessions();
224  ilSessionStatistics::aggretateRaw($now);
225  }
226 
227  return true;
228  }
229 
230 
231 
238  public static function _exists(string $a_session_id): bool
239  {
240  if (!$a_session_id) {
241  return false;
242  }
243  global $DIC;
244 
245  $ilDB = $DIC['ilDB'];
246 
247  $q = "SELECT 1 FROM usr_session WHERE session_id = " . $ilDB->quote($a_session_id, "text");
248  $set = $ilDB->query($q);
249 
250  return $ilDB->numRows($set) > 0;
251  }
252 
260  public static function _destroy($a_session_id, ?int $a_closing_context = null, $a_expired_at = null): bool
261  {
262  global $DIC;
263 
264  $ilDB = $DIC['ilDB'];
265 
266  if (!$a_closing_context) {
267  $a_closing_context = self::$closing_context;
268  }
269 
270  ilSessionStatistics::closeRawEntry($a_session_id, $a_closing_context, $a_expired_at);
271 
272  if (!is_array($a_session_id)) {
273  $q = "DELETE FROM usr_session WHERE session_id = " .
274  $ilDB->quote($a_session_id, "text");
275  } else {
276  // array: id => timestamp - so we get rid of timestamps
277  if ($a_expired_at) {
278  $a_session_id = array_keys($a_session_id);
279  }
280  $q = "DELETE FROM usr_session WHERE " .
281  $ilDB->in("session_id", $a_session_id, false, "text");
282  }
283 
284  ilSessionIStorage::destroySession($a_session_id);
285 
286  $ilDB->manipulate($q);
287 
288  try {
289  // only delete session cookie if it is set in the current request
290  if ($DIC->http()->wrapper()->cookie()->has(session_name()) &&
291  $DIC->http()->wrapper()->cookie()->retrieve(session_name(), $DIC->refinery()->kindlyTo()->string()) === $a_session_id) {
292  $cookieJar = $DIC->http()->cookieJar()->without(session_name());
293  $cookieJar->renderIntoResponseHeader($DIC->http()->response());
294  }
295  } catch (\Throwable $e) {
296  // ignore
297  // this is needed for "header already" sent errors when the random cleanup of expired sessions is triggered
298  }
299 
300  return true;
301  }
302 
308  public static function _destroyByUserId(int $a_user_id): bool
309  {
310  global $DIC;
311 
312  $ilDB = $DIC['ilDB'];
313 
314  $q = "DELETE FROM usr_session WHERE user_id = " .
315  $ilDB->quote($a_user_id, "integer");
316  $ilDB->manipulate($q);
317 
318  return true;
319  }
320 
325  public static function _destroyExpiredSessions(): int
326  {
327  global $DIC;
328 
329  $ilDB = $DIC['ilDB'];
330 
331  $q = "SELECT session_id,expires FROM usr_session WHERE expires < " .
332  $ilDB->quote(time(), "integer");
333  $res = $ilDB->query($q);
334  $ids = [];
335  while ($row = $ilDB->fetchAssoc($res)) {
336  $ids[$row["session_id"]] = $row["expires"];
337  }
338  if ($ids !== []) {
339  self::_destroy($ids, self::SESSION_CLOSE_EXPIRE, true);
340  }
341 
342  return count($ids);
343  }
344 
351  public static function _duplicate(string $a_session_id): string
352  {
353  global $DIC;
354 
355  $ilDB = $DIC['ilDB'];
356 
357  // Create new session id
358  $new_session = $a_session_id;
359  do {
360  $new_session = md5($new_session);
361  $q = "SELECT * FROM usr_session WHERE " .
362  "session_id = " . $ilDB->quote($new_session, "text");
363  $res = $ilDB->query($q);
364  } while ($ilDB->fetchAssoc($res));
365 
366  $query = "SELECT * FROM usr_session " .
367  "WHERE session_id = " . $ilDB->quote($a_session_id, "text");
368  $res = $ilDB->query($query);
369 
370  if ($row = $ilDB->fetchObject($res)) {
371  self::_writeData($new_session, $row->data);
372  return $new_session;
373  }
374  //TODO check if throwing an excpetion might be a better choice
375  return "";
376  }
377 
387  public static function getExpireValue(bool $fixedMode = false): int
388  {
389  global $DIC;
390 
391  if ($fixedMode) {
392  // fixed session
393  return time() + self::getIdleValue($fixedMode);
394  }
395 
397  $ilSetting = $DIC['ilSetting'];
398  if ($ilSetting->get('session_handling_type', (string) self::SESSION_HANDLING_FIXED) === (string) self::SESSION_HANDLING_FIXED) {
399  return time() + self::getIdleValue($fixedMode);
400  }
401 
402  if ($ilSetting->get('session_handling_type', (string) self::SESSION_HANDLING_FIXED) === (string) self::SESSION_HANDLING_LOAD_DEPENDENT) {
403  // load dependent session settings
404  $max_idle = (int) ($ilSetting->get('session_max_idle') ?? ilSessionControl::DEFAULT_MAX_IDLE);
405  return time() + $max_idle * 60;
406  }
407  return time() + ilSessionControl::DEFAULT_MAX_IDLE * 60;
408  }
409 
417  public static function getIdleValue(bool $fixedMode = false): int
418  {
419  global $DIC;
420 
421  $ilSetting = $DIC['ilSetting'];
422  $ilClientIniFile = $DIC['ilClientIniFile'];
423 
424  if ($fixedMode || $ilSetting->get('session_handling_type', (string) self::SESSION_HANDLING_FIXED) === (string) self::SESSION_HANDLING_FIXED) {
425  // fixed session
426  return (int) $ilClientIniFile->readVariable('session', 'expire');
427  }
428 
429  if ($ilSetting->get('session_handling_type', (string) self::SESSION_HANDLING_FIXED) === (string) self::SESSION_HANDLING_LOAD_DEPENDENT) {
430  // load dependent session settings
431  return (int) ($ilSetting->get('session_max_idle', (string) (ilSessionControl::DEFAULT_MAX_IDLE * 60)));
432  }
433  return ilSessionControl::DEFAULT_MAX_IDLE * 60;
434  }
435 
443  public static function getSessionExpireValue(): int
444  {
445  return self::getIdleValue(true);
446  }
447 
451  public static function set(string $a_var, $a_val): void
452  {
453  $_SESSION[$a_var] = $a_val;
454  }
455 
459  public static function get(string $a_var)
460  {
461  return $_SESSION[$a_var] ?? null;
462  }
463 
464  public static function has($a_var): bool
465  {
466  return isset($_SESSION[$a_var]);
467  }
468 
472  public static function clear(string $a_var): void
473  {
474  if (isset($_SESSION[$a_var])) {
475  unset($_SESSION[$a_var]);
476  }
477  }
478 
479  public static function dumpToString(): string
480  {
481  return print_r($_SESSION, true);
482  }
483 
487  public static function setClosingContext(int $a_context): void
488  {
489  self::$closing_context = $a_context;
490  }
491 
495  public static function getClosingContext(): int
496  {
497  return self::$closing_context;
498  }
499 
500 
501 
505  public static function isWebAccessWithoutSessionEnabled(): bool
506  {
507  return self::$enable_web_access_without_session;
508  }
509 
513  public static function enableWebAccessWithoutSession(bool $enable_web_access_without_session): void
514  {
515  self::$enable_web_access_without_session = $enable_web_access_without_session;
516  }
517 }
ilSession\SESSION_CLOSE_IDLE
const SESSION_CLOSE_IDLE
Definition: class.ilSession.php:54
$res
$res
Definition: ltiservices.php:69
ilSession\enableWebAccessWithoutSession
static enableWebAccessWithoutSession(bool $enable_web_access_without_session)
Definition: class.ilSession.php:513
ilSession\_duplicate
static _duplicate(string $a_session_id)
Duplicate session.
Definition: class.ilSession.php:351
ilSession\_destroyByUserId
static _destroyByUserId(int $a_user_id)
Destroy session.
Definition: class.ilSession.php:308
ilSession\dumpToString
static dumpToString()
Definition: class.ilSession.php:479
ilSessionStatistics\createRawEntry
static createRawEntry(string $a_session_id, int $a_session_type, int $a_timestamp, int $a_user_id)
Create raw data entry.
Definition: class.ilSessionStatistics.php:43
ilSession\_getData
static _getData(string $a_session_id)
Get session data from table.
Definition: class.ilSession.php:76
$type
$type
Definition: proxy_ylocal.php:10
ilSession\SESSION_CLOSE_INACTIVE
const SESSION_CLOSE_INACTIVE
Definition: class.ilSession.php:61
ilSession\_exists
static _exists(string $a_session_id)
Check whether session exists.
Definition: class.ilSession.php:238
ilSession\$enable_web_access_without_session
static bool $enable_web_access_without_session
Definition: class.ilSession.php:65
ilSession\SESSION_CLOSE_LOGIN
const SESSION_CLOSE_LOGIN
Definition: class.ilSession.php:56
ilSession\SESSION_CLOSE_TIME
const SESSION_CLOSE_TIME
Definition: class.ilSession.php:58
ilContext\isSessionMainContext
static isSessionMainContext()
Context that are not only temporary in a session (e.g.
Definition: class.ilContext.php:183
ilSession\lookupExpireTime
static lookupExpireTime(string $a_session_id)
Lookup expire time for a specific session.
Definition: class.ilSession.php:103
ilSession\SESSION_HANDLING_FIXED
const SESSION_HANDLING_FIXED
Definition: class.ilSession.php:35
ilSession\_destroyExpiredSessions
static _destroyExpiredSessions()
Destroy expired sessions.
Definition: class.ilSession.php:325
ilSessionStatistics\aggretateRaw
static aggretateRaw(int $a_now)
Aggregate raw session data (older than given time)
Definition: class.ilSessionStatistics.php:255
ilSession\SESSION_CLOSE_EXPIRE
const SESSION_CLOSE_EXPIRE
Definition: class.ilSession.php:52
$DIC
global $DIC
Definition: feed.php:28
ilSession\SESSION_CLOSE_USER
const SESSION_CLOSE_USER
Definition: class.ilSession.php:51
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10
ilSessionStatistics\closeRawEntry
static closeRawEntry($a_session_id, ?int $a_context=null, $a_expired_at=null)
Close raw data entry.
Definition: class.ilSessionStatistics.php:76
ilSession\has
static has($a_var)
Definition: class.ilSession.php:464
ilSessionIStorage\destroySession
static destroySession($a_session_id)
Destroy session(s).
Definition: class.ilSessionIStorage.php:129
ILIAS\Repository\get
get(string $key, Refinery\Transformation $t)
Get passed parameter, if not data passed, get key from http request.
Definition: trait.BaseGUIRequest.php:209
$query
$query
Definition: proxy_ylocal.php:13
ilSession\isWebAccessWithoutSessionEnabled
static isWebAccessWithoutSessionEnabled()
Definition: class.ilSession.php:505
ilSession\SESSION_CLOSE_LIMIT
const SESSION_CLOSE_LIMIT
Definition: class.ilSession.php:55
ilSession\SESSION_CLOSE_PUBLIC
const SESSION_CLOSE_PUBLIC
Definition: class.ilSession.php:57
ilSession\_destroy
static _destroy($a_session_id, ?int $a_closing_context=null, $a_expired_at=null)
Destroy session.
Definition: class.ilSession.php:260
ilSessionControl\$session_types_controlled
static array $session_types_controlled
Definition: class.ilSessionControl.php:67
ilSession\SESSION_CLOSE_SIMUL
const SESSION_CLOSE_SIMUL
Definition: class.ilSession.php:60
$ilSetting
global $ilSetting
Definition: privfeed.php:17
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:487
ilRandom
Wrapper for generation of random numbers, strings, bytes.
Definition: class.ilRandom.php:10
ilSession\getIdleValue
static getIdleValue(bool $fixedMode=false)
Returns the idle time in seconds.
Definition: class.ilSession.php:417
ilSession\SESSION_HANDLING_LOAD_DEPENDENT
const SESSION_HANDLING_LOAD_DEPENDENT
Definition: class.ilSession.php:44
ilContext\getType
static getType()
Get context type.
Definition: class.ilContext.php:165
ilSession\getClosingContext
static getClosingContext()
get closing context (for statistics)
Definition: class.ilSession.php:495
ilSession\getSessionExpireValue
static getSessionExpireValue()
Returns the session expiration value.
Definition: class.ilSession.php:443
ilSession\clear
static clear(string $a_var)
Definition: class.ilSession.php:472
ilSession\SESSION_CLOSE_FIRST
const SESSION_CLOSE_FIRST
Definition: class.ilSession.php:53
ilSession\SESSION_CLOSE_IP
const SESSION_CLOSE_IP
Definition: class.ilSession.php:59
ilSession\$closing_context
static int $closing_context
Definition: class.ilSession.php:63