ILIAS  trunk Revision v11.0_alpha-2638-g80c1d007f79
class.ilSession.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 class ilSession
22 {
28  public const int SESSION_CLOSE_USER = 1; // manual logout
29  public const int SESSION_CLOSE_EXPIRE = 2; // has expired
30  public const int SESSION_CLOSE_LOGIN = 6; // anonymous => login
31  public const int SESSION_CLOSE_PUBLIC = 7; // => anonymous
32  public const int SESSION_CLOSE_TIME = 8; // account time limit reached
33  public const int SESSION_CLOSE_IP = 9; // wrong ip
34  public const int SESSION_CLOSE_SIMUL = 10; // simultaneous login
35  public const int SESSION_CLOSE_INACTIVE = 11; // inactive account
36 
37  private static ?int $closing_context = null;
38 
39  protected static bool $enable_web_access_without_session = false;
40 
50  public static function _getData(string $a_session_id): string
51  {
52  if (!$a_session_id) {
53  // fix for php #70520
54  return '';
55  }
56  global $DIC;
57 
58  $ilDB = $DIC['ilDB'];
59 
60  $q = 'SELECT data FROM usr_session WHERE session_id = ' .
61  $ilDB->quote($a_session_id, 'text');
62  $set = $ilDB->query($q);
63  $rec = $ilDB->fetchAssoc($set);
64  if (!is_array($rec)) {
65  return '';
66  }
67 
68  // fix for php #70520
69  return (string) $rec['data'];
70  }
71 
77  public static function lookupExpireTime(string $a_session_id): int
78  {
79  global $DIC;
80 
81  $ilDB = $DIC['ilDB'];
82 
83  $query = 'SELECT expires FROM usr_session WHERE session_id = ' .
84  $ilDB->quote($a_session_id, 'text');
85  $res = $ilDB->query($query);
86  if ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
87  return (int) $row->expires;
88  }
89  return 0;
90  }
91 
92  public static function _writeData(string $a_session_id, string $a_data): bool
93  {
94  global $DIC;
95 
97  $ilDB = $DIC['ilDB'];
99  $ilClientIniFile = $DIC['ilClientIniFile'];
100 
101  if (self::isWebAccessWithoutSessionEnabled()) {
102  // Prevent session data written for web access checker
103  // when no cookie was sent (e.g. for pdf files linking others).
104  // This would result in new session records for each request.
105  return true;
106  }
107 
108  if (!$a_session_id) {
109  return true;
110  }
111 
112  $now = time();
113 
114  // prepare session data
115  $fields = [
116  'user_id' => [ilDBConstants::T_INTEGER, (int) (self::get('_authsession_user_id') ?? 0)],
117  'expires' => [ilDBConstants::T_INTEGER, self::getExpireValue()],
118  'data' => [ilDBConstants::T_CLOB, $a_data],
119  'ctime' => [ilDBConstants::T_INTEGER, $now],
120  'type' => [ilDBConstants::T_INTEGER, (int) (self::get('SessionType') ?? 0)]
121  ];
122  if ($ilClientIniFile->readVariable('session', 'save_ip')) {
123  $fields['remote_addr'] = [ilDBConstants::T_TEXT, $_SERVER['REMOTE_ADDR'] ?? ''];
124  }
125 
126  if (self::_exists($a_session_id)) {
127  // note that we do this only when inserting the new record
128  // updating may get us other contexts for the same session, especially ilContextWAC, which we do not want
129  if (class_exists('ilContext') && ilContext::isSessionMainContext()) {
130  $fields['context'] = [ilDBConstants::T_TEXT, ilContext::getType()];
131  }
132  $ilDB->update(
133  'usr_session',
134  $fields,
135  ['session_id' => [ilDBConstants::T_TEXT, $a_session_id]]
136  );
137  } else {
138  $fields['session_id'] = [ilDBConstants::T_TEXT, $a_session_id];
139  $fields['createtime'] = [ilDBConstants::T_INTEGER, $now];
140 
141  // note that we do this only when inserting the new record
142  // updating may get us other contexts for the same session, especially ilContextWAC, which we do not want
143  if (class_exists('ilContext')) {
144  $fields['context'] = [ilDBConstants::T_TEXT, ilContext::getType()];
145  }
146 
147  $insert_fields = implode(', ', array_keys($fields));
148  $insert_values = implode(
149  ', ',
150  array_map(
151  static fn(string $type, $value): string => $ilDB->quote($value, $type),
152  array_column($fields, 0),
153  array_column($fields, 1)
154  )
155  );
156 
157  $update_fields = array_filter(
158  $fields,
159  static fn(string $field): bool => !in_array($field, ['session_id', 'user_id', 'createtime'], true),
160  ARRAY_FILTER_USE_KEY
161  );
162  $update_values = implode(
163  ', ',
164  array_map(
165  static fn(string $field, string $type, $value): string => $field . ' = ' . $ilDB->quote(
166  $value,
167  $type
168  ),
169  array_keys($update_fields),
170  array_column($update_fields, 0),
171  array_column($update_fields, 1)
172  )
173  );
174 
175  $ilDB->manipulate(
176  'INSERT INTO usr_session (' . $insert_fields . ') '
177  . 'VALUES (' . $insert_values . ') '
178  . 'ON DUPLICATE KEY UPDATE ' . $update_values
179  );
180 
181  // check type against session control
182  $type = (int) $fields['type'][1];
183  if (in_array($type, ilSessionControl::$session_types_controlled, true)) {
184  ilSessionStatistics::createRawEntry(
185  $fields['session_id'][1],
186  $type,
187  $fields['createtime'][1],
188  $fields['user_id'][1]
189  );
190  }
191  }
192 
193  if (!$DIC->cron()->manager()->isJobActive('auth_destroy_expired_sessions')) {
194  $r = new \Random\Randomizer();
195  if ($r->getInt(0, 50) === 2) {
196  // get time _before_ destroying expired sessions
197  self::_destroyExpiredSessions();
198  ilSessionStatistics::aggretateRaw($now);
199  }
200  }
201 
202  return true;
203  }
204 
205  public static function _exists(string $a_session_id): bool
206  {
207  if (!$a_session_id) {
208  return false;
209  }
210  global $DIC;
211 
212  $ilDB = $DIC['ilDB'];
213 
214  $q = 'SELECT 1 FROM usr_session WHERE session_id = ' . $ilDB->quote($a_session_id, 'text');
215  $set = $ilDB->query($q);
216 
217  return $ilDB->numRows($set) > 0;
218  }
219 
227  public static function _destroy($a_session_id, ?int $a_closing_context = null, $a_expired_at = null): bool
228  {
229  global $DIC;
230 
231  $ilDB = $DIC['ilDB'];
232 
233  if (!$a_closing_context) {
234  $a_closing_context = self::$closing_context;
235  }
236 
237  ilSessionStatistics::closeRawEntry($a_session_id, $a_closing_context, $a_expired_at);
238 
239  if (is_array($a_session_id)) {
240  // array: id => timestamp - so we get rid of timestamps
241  if ($a_expired_at) {
242  $a_session_id = array_keys($a_session_id);
243  }
244  $q = 'DELETE FROM usr_session WHERE ' .
245  $ilDB->in('session_id', $a_session_id, false, 'text');
246  } else {
247  $q = 'DELETE FROM usr_session WHERE session_id = ' .
248  $ilDB->quote($a_session_id, 'text');
249  }
250 
251  ilSessionIStorage::destroySession($a_session_id);
252 
253  $ilDB->manipulate($q);
254 
255  if (ilContext::usesHTTP()) {
256  try {
257  // only delete session cookie if it is set in the current request
258  if ($DIC->http()->wrapper()->cookie()->has(session_name()) &&
259  $DIC->http()->wrapper()->cookie()->retrieve(
260  session_name(),
261  $DIC->refinery()->kindlyTo()->string()
262  ) === $a_session_id) {
263  $cookieJar = $DIC->http()->cookieJar()->without(session_name());
264  $cookieJar->renderIntoResponseHeader($DIC->http()->response());
265  }
266  } catch (Throwable) {
267  // ignore
268  // this is needed for "header already" sent errors when the random cleanup of expired sessions is triggered
269  }
270  }
271 
272  return true;
273  }
274 
280  public static function _destroyByUserId(int $a_user_id): bool
281  {
282  global $DIC;
283 
284  $ilDB = $DIC['ilDB'];
285 
286  $q = 'DELETE FROM usr_session WHERE user_id = ' .
287  $ilDB->quote($a_user_id, 'integer');
288  $ilDB->manipulate($q);
289 
290  return true;
291  }
292 
297  public static function _destroyExpiredSessions(): int
298  {
299  global $DIC;
300 
301  $ilDB = $DIC['ilDB'];
302 
303  $q = 'SELECT session_id, expires FROM usr_session WHERE expires < ' . $ilDB->quote(time(), ilDBConstants::T_INTEGER);
304  $res = $ilDB->query($q);
305  $ids = [];
306  while ($row = $ilDB->fetchAssoc($res)) {
307  $ids[$row['session_id']] = (int) $row['expires'];
308  }
309  if ($ids !== []) {
310  self::_destroy($ids, self::SESSION_CLOSE_EXPIRE, true);
311  }
312 
313  return count($ids);
314  }
315 
322  public static function _duplicate(string $a_session_id): string
323  {
324  global $DIC;
325 
326  $ilDB = $DIC['ilDB'];
327 
328  // Create new session id
329  $new_session = $a_session_id;
330  do {
331  $new_session = md5($new_session);
332  $q = 'SELECT * FROM usr_session WHERE ' .
333  'session_id = ' . $ilDB->quote($new_session, 'text');
334  $res = $ilDB->query($q);
335  } while ($ilDB->fetchAssoc($res));
336 
337  $query = 'SELECT * FROM usr_session ' .
338  'WHERE session_id = ' . $ilDB->quote($a_session_id, 'text');
339  $res = $ilDB->query($query);
340 
341  if ($row = $ilDB->fetchObject($res)) {
342  self::_writeData($new_session, $row->data);
343  return $new_session;
344  }
345  //TODO check if throwing an excpetion might be a better choice
346  return '';
347  }
348 
352  public static function getExpireValue(): int
353  {
354  return time() + self::getIdleValue();
355  }
356 
360  public static function getIdleValue(): int
361  {
362  global $DIC;
363 
364  $ilClientIniFile = $DIC['ilClientIniFile'];
365 
366  return (int) $ilClientIniFile->readVariable('session', 'expire');
367  }
368 
372  public static function getSessionExpireValue(): int
373  {
374  return self::getIdleValue();
375  }
376 
380  public static function set(string $a_var, $a_val): void
381  {
382  $_SESSION[$a_var] = $a_val;
383  }
384 
388  public static function get(string $a_var)
389  {
390  return $_SESSION[$a_var] ?? null;
391  }
392 
393  public static function has($a_var): bool
394  {
395  return isset($_SESSION[$a_var]);
396  }
397 
398  public static function clear(string $a_var): void
399  {
400  if (isset($_SESSION[$a_var])) {
401  unset($_SESSION[$a_var]);
402  }
403  }
404 
405  public static function dumpToString(): string
406  {
407  return print_r($_SESSION, true);
408  }
409 
413  public static function setClosingContext(int $a_context): void
414  {
415  self::$closing_context = $a_context;
416  }
417 
421  public static function getClosingContext(): int
422  {
423  return self::$closing_context;
424  }
425 
426  public static function isWebAccessWithoutSessionEnabled(): bool
427  {
428  return self::$enable_web_access_without_session;
429  }
430 
431  public static function enableWebAccessWithoutSession(bool $enable_web_access_without_session): void
432  {
433  self::$enable_web_access_without_session = $enable_web_access_without_session;
434  }
435 }
$res
$res
Definition: ltiservices.php:66
ilSession\enableWebAccessWithoutSession
static enableWebAccessWithoutSession(bool $enable_web_access_without_session)
Definition: class.ilSession.php:431
ilSession\_duplicate
static _duplicate(string $a_session_id)
Duplicate session.
Definition: class.ilSession.php:322
ilSession\SESSION_CLOSE_INACTIVE
const int SESSION_CLOSE_INACTIVE
Definition: class.ilSession.php:35
ilSession\SESSION_CLOSE_TIME
const int SESSION_CLOSE_TIME
Definition: class.ilSession.php:32
ilSession\_destroyByUserId
static _destroyByUserId(int $a_user_id)
Destroy session.
Definition: class.ilSession.php:280
ilSession\dumpToString
static dumpToString()
Definition: class.ilSession.php:405
ilSessionStatistics\createRawEntry
static createRawEntry(string $a_session_id, int $a_session_type, int $a_timestamp, int $a_user_id)
Create raw data entry.
Definition: class.ilSessionStatistics.php:40
ilSession\_getData
static _getData(string $a_session_id)
Get session data from table.
Definition: class.ilSession.php:50
ilSession\SESSION_CLOSE_LOGIN
const int SESSION_CLOSE_LOGIN
Definition: class.ilSession.php:30
ilContext\usesHTTP
static usesHTTP()
Uses HTTP aka browser.
Definition: class.ilContext.php:117
ilSession\_exists
static _exists(string $a_session_id)
Definition: class.ilSession.php:205
array_map
ilSession\$enable_web_access_without_session
static bool $enable_web_access_without_session
Definition: class.ilSession.php:39
ilContext\isSessionMainContext
static isSessionMainContext()
Context that are not only temporary in a session (e.g.
Definition: class.ilContext.php:183
ilSession\lookupExpireTime
static lookupExpireTime(string $a_session_id)
Lookup expire time for a specific session.
Definition: class.ilSession.php:77
ilSession\getIdleValue
static getIdleValue()
Returns the idle time in seconds.
Definition: class.ilSession.php:360
ilSession\getExpireValue
static getExpireValue()
Returns the expiration timestamp in seconds.
Definition: class.ilSession.php:352
ilSession\_destroyExpiredSessions
static _destroyExpiredSessions()
Destroy expired sessions.
Definition: class.ilSession.php:297
ilSessionStatistics\aggretateRaw
static aggretateRaw(int $a_now)
Aggregate raw session data (older than given time)
Definition: class.ilSessionStatistics.php:243
ilSession\SESSION_CLOSE_SIMUL
const int SESSION_CLOSE_SIMUL
Definition: class.ilSession.php:34
ilSession\SESSION_CLOSE_PUBLIC
const int SESSION_CLOSE_PUBLIC
Definition: class.ilSession.php:31
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:144
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26
ILIAS\GlobalScreen\get
get(string $class_name)
Definition: SingletonTrait.php:32
ilSession\SESSION_CLOSE_USER
const int SESSION_CLOSE_USER
Definition: class.ilSession.php:28
$DIC
global $DIC
Definition: shib_login.php:26
ilSessionStatistics\closeRawEntry
static closeRawEntry($a_session_id, ?int $a_context=null, $a_expired_at=null)
Close raw data entry.
Definition: class.ilSessionStatistics.php:73
ilSession\has
static has($a_var)
Definition: class.ilSession.php:393
ilSessionIStorage\destroySession
static destroySession($a_session_id)
Destroy session(s).
Definition: class.ilSessionIStorage.php:112
ilSession\isWebAccessWithoutSessionEnabled
static isWebAccessWithoutSessionEnabled()
Definition: class.ilSession.php:426
ilSession\SESSION_CLOSE_IP
const int SESSION_CLOSE_IP
Definition: class.ilSession.php:33
ilSession\_destroy
static _destroy($a_session_id, ?int $a_closing_context=null, $a_expired_at=null)
Destroy session.
Definition: class.ilSession.php:227
ilSessionControl\$session_types_controlled
static array $session_types_controlled
Definition: class.ilSessionControl.php:54
ilSession\SESSION_CLOSE_EXPIRE
const int SESSION_CLOSE_EXPIRE
Definition: class.ilSession.php:29
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:413
$q
$q
Definition: shib_logout.php:23
ilContext\getType
static getType()
Get context type.
Definition: class.ilContext.php:165
ilSession\getClosingContext
static getClosingContext()
get closing context (for statistics)
Definition: class.ilSession.php:421
ilSession\getSessionExpireValue
static getSessionExpireValue()
Returns the session expiration value.
Definition: class.ilSession.php:372
ilSession\clear
static clear(string $a_var)
Definition: class.ilSession.php:398
ilSession\$closing_context
static int $closing_context
Definition: class.ilSession.php:37
$r
$r
Definition: shib_logout.php:142