de/d3d/class_8ilSession_8php_source.html

<?php


declare(strict_types=1);


class ilSession

{

    public const int SESSION_CLOSE_USER = 1;  // manual logout

    public const int SESSION_CLOSE_EXPIRE = 2;  // has expired

    public const int SESSION_CLOSE_LOGIN = 6;  // anonymous => login

    public const int SESSION_CLOSE_PUBLIC = 7;  // => anonymous

    public const int SESSION_CLOSE_TIME = 8;  // account time limit reached

    public const int SESSION_CLOSE_IP = 9;  // wrong ip

    public const int SESSION_CLOSE_SIMUL = 10; // simultaneous login

    public const int SESSION_CLOSE_INACTIVE = 11; // inactive account


    private static ?int $closing_context = null;


    protected static bool $enable_web_access_without_session = false;


    public static function _getData(string $a_session_id): string

    {

        if (!$a_session_id) {

            // fix for php #70520

            return '';

        }

        global $DIC;


        $ilDB = $DIC['ilDB'];


        $q = 'SELECT data FROM usr_session WHERE session_id = ' .

            $ilDB->quote($a_session_id, 'text');

        $set = $ilDB->query($q);

        $rec = $ilDB->fetchAssoc($set);

        if (!is_array($rec)) {

            return '';

        }


        // fix for php #70520

        return (string) $rec['data'];

    }


    public static function lookupExpireTime(string $a_session_id): int

    {

        global $DIC;


        $ilDB = $DIC['ilDB'];


        $query = 'SELECT expires FROM usr_session WHERE session_id = ' .

            $ilDB->quote($a_session_id, 'text');

        $res = $ilDB->query($query);

        if ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {

            return (int) $row->expires;

        }

        return 0;

    }


    public static function _writeData(string $a_session_id, string $a_data): bool

    {

        global $DIC;


        $ilDB = $DIC['ilDB'];

        $ilClientIniFile = $DIC['ilClientIniFile'];


        if (self::isWebAccessWithoutSessionEnabled()) {

            // Prevent session data written for web access checker

            // when no cookie was sent (e.g. for pdf files linking others).

            // This would result in new session records for each request.

            return true;

        }


        if (!$a_session_id) {

            return true;

        }


        $now = time();


        // prepare session data

        $fields = [

            'user_id' => [ilDBConstants::T_INTEGER, (int) (self::get('_authsession_user_id') ?? 0)],

            'expires' => [ilDBConstants::T_INTEGER, self::getExpireValue()],

            'data' => [ilDBConstants::T_CLOB, $a_data],

            'ctime' => [ilDBConstants::T_INTEGER, $now],

            'type' => [ilDBConstants::T_INTEGER, (int) (self::get('SessionType') ?? 0)]

        ];

        if ($ilClientIniFile->readVariable('session', 'save_ip')) {

            $fields['remote_addr'] = [ilDBConstants::T_TEXT, $_SERVER['REMOTE_ADDR'] ?? ''];

        }


        if (self::_exists($a_session_id)) {

            // note that we do this only when inserting the new record

            // updating may get us other contexts for the same session, especially ilContextWAC, which we do not want

            if (class_exists('ilContext') && ilContext::isSessionMainContext()) {

                $fields['context'] = [ilDBConstants::T_TEXT, ilContext::getType()];

            }

            $ilDB->update(

                'usr_session',

                $fields,

                ['session_id' => [ilDBConstants::T_TEXT, $a_session_id]]

            );

        } else {

            $fields['session_id'] = [ilDBConstants::T_TEXT, $a_session_id];

            $fields['createtime'] = [ilDBConstants::T_INTEGER, $now];


            // note that we do this only when inserting the new record

            // updating may get us other contexts for the same session, especially ilContextWAC, which we do not want

            if (class_exists('ilContext')) {

                $fields['context'] = [ilDBConstants::T_TEXT, ilContext::getType()];

            }


            $insert_fields = implode(', ', array_keys($fields));

            $insert_values = implode(

                ', ',

                array_map(

                    static fn(string $type, $value): string => $ilDB->quote($value, $type),

                    array_column($fields, 0),

                    array_column($fields, 1)

                )

            );


            $update_fields = array_filter(

                $fields,

                static fn(string $field): bool => !in_array($field, ['session_id', 'user_id', 'createtime'], true),

                ARRAY_FILTER_USE_KEY

            );

            $update_values = implode(

                ', ',

                array_map(

                    static fn(string $field, string $type, $value): string => $field . ' = ' . $ilDB->quote(

                        $value,

                        $type

                    ),

                    array_keys($update_fields),

                    array_column($update_fields, 0),

                    array_column($update_fields, 1)

                )

            );


            $ilDB->manipulate(

                'INSERT INTO usr_session (' . $insert_fields . ') '

                . 'VALUES (' . $insert_values . ') '

                . 'ON DUPLICATE KEY UPDATE ' . $update_values

            );


            // check type against session control

            $type = (int) $fields['type'][1];

            if (in_array($type, ilSessionControl::$session_types_controlled, true)) {

                ilSessionStatistics::createRawEntry(

                    $fields['session_id'][1],

                    $type,

                    $fields['createtime'][1],

                    $fields['user_id'][1]

                );

            }

        }


        if (!$DIC->cron()->manager()->isJobActive('auth_destroy_expired_sessions')) {

            $r = new \Random\Randomizer();

            if ($r->getInt(0, 50) === 2) {

                // get time _before_ destroying expired sessions

                self::_destroyExpiredSessions();

                ilSessionStatistics::aggregateRaw($now);

            }

        }


        return true;

    }


    public static function _exists(string $a_session_id): bool

    {

        if (!$a_session_id) {

            return false;

        }

        global $DIC;


        $ilDB = $DIC['ilDB'];


        $q = 'SELECT 1 FROM usr_session WHERE session_id = ' . $ilDB->quote($a_session_id, 'text');

        $set = $ilDB->query($q);


        return $ilDB->numRows($set) > 0;

    }


    public static function _destroy($a_session_id, ?int $a_closing_context = null, $a_expired_at = null): bool

    {

        global $DIC;


        if (!$a_closing_context) {

            $a_closing_context = self::$closing_context;

        }


        ilSessionStatistics::closeRawEntry($a_session_id, $a_closing_context, $a_expired_at);


        $deletion_queries = [];

        if (is_array($a_session_id)) {

            // array: id => timestamp - so we get rid of timestamps

            if ($a_expired_at) {

                $a_session_id = array_keys($a_session_id);

            }


            $chunk_size = 500;

            $batches = array_chunk($a_session_id, $chunk_size);

            foreach ($batches as $batch) {

                $deletion_queries[] = 'DELETE FROM usr_session WHERE ' .

                    $DIC->database()->in('session_id', $batch, false, ilDBConstants::T_TEXT);

            }

        } else {

            $deletion_queries[] = 'DELETE FROM usr_session WHERE session_id = ' .

                $DIC->database()->quote($a_session_id, ilDBConstants::T_TEXT);

        }


        ilSessionIStorage::destroySession($a_session_id);


        foreach ($deletion_queries as $deletion_query) {

            $DIC->database()->manipulate($deletion_query);

        }


        if (ilContext::usesHTTP()) {

            try {

                // only delete session cookie if it is set in the current request

                if ($DIC->http()->wrapper()->cookie()->has(session_name()) &&

                    $DIC->http()->wrapper()->cookie()->retrieve(

                        session_name(),

                        $DIC->refinery()->kindlyTo()->string()

                    ) === $a_session_id) {

                    $cookieJar = $DIC->http()->cookieJar()->without(session_name());

                    $cookieJar->renderIntoResponseHeader($DIC->http()->response());

                }

            } catch (Throwable) {

                // ignore

                // this is needed for "header already"  sent errors when the random cleanup of expired sessions is triggered

            }

        }


        return true;

    }


    public static function _destroyByUserId(int $a_user_id): bool

    {

        global $DIC;


        $ilDB = $DIC['ilDB'];


        $q = 'DELETE FROM usr_session WHERE user_id = ' .

            $ilDB->quote($a_user_id, 'integer');

        $ilDB->manipulate($q);


        return true;

    }


    public static function _destroyExpiredSessions(): int

    {

        global $DIC;


        $ilDB = $DIC['ilDB'];


        $q = 'SELECT session_id, expires FROM usr_session WHERE expires < ' . $ilDB->quote(time(), ilDBConstants::T_INTEGER);

        $res = $ilDB->query($q);

        $ids = [];

        while ($row = $ilDB->fetchAssoc($res)) {

            $ids[$row['session_id']] = (int) $row['expires'];

        }

        if ($ids !== []) {

            self::_destroy($ids, self::SESSION_CLOSE_EXPIRE, true);

        }


        return count($ids);

    }


    public static function _duplicate(string $a_session_id): string

    {

        global $DIC;


        $ilDB = $DIC['ilDB'];


        // Create new session id

        $new_session = $a_session_id;

        do {

            $new_session = md5($new_session);

            $q = 'SELECT * FROM usr_session WHERE ' .

                'session_id = ' . $ilDB->quote($new_session, 'text');

            $res = $ilDB->query($q);

        } while ($ilDB->fetchAssoc($res));


        $query = 'SELECT * FROM usr_session ' .

            'WHERE session_id = ' . $ilDB->quote($a_session_id, 'text');

        $res = $ilDB->query($query);


        if ($row = $ilDB->fetchObject($res)) {

            self::_writeData($new_session, $row->data);

            return $new_session;

        }

        //TODO check if throwing an excpetion might be a better choice

        return '';

    }


    public static function getExpireValue(): int

    {

        return time() + self::getIdleValue();

    }


    public static function getIdleValue(): int

    {

        global $DIC;


        $ilClientIniFile = $DIC['ilClientIniFile'];


        return (int) $ilClientIniFile->readVariable('session', 'expire');

    }


    public static function getSessionExpireValue(): int

    {

        return self::getIdleValue();

    }


    public static function set(string $a_var, $a_val): void

    {

        $_SESSION[$a_var] = $a_val;

    }


    public static function get(string $a_var)

    {

        return $_SESSION[$a_var] ?? null;

    }


    public static function has($a_var): bool

    {

        return isset($_SESSION[$a_var]);

    }


    public static function clear(string $a_var): void

    {

        if (isset($_SESSION[$a_var])) {

            unset($_SESSION[$a_var]);

        }

    }


    public static function dumpToString(): string

    {

        return print_r($_SESSION, true);

    }


    public static function setClosingContext(int $a_context): void

    {

        self::$closing_context = $a_context;

    }


    public static function getClosingContext(): int

    {

        return self::$closing_context;

    }


    public static function isWebAccessWithoutSessionEnabled(): bool

    {

        return self::$enable_web_access_without_session;

    }


    public static function enableWebAccessWithoutSession(bool $enable_web_access_without_session): void

    {

        self::$enable_web_access_without_session = $enable_web_access_without_session;

    }

}

ilContext\isSessionMainContext
static isSessionMainContext()
Context that are not only temporary in a session (e.g.
Definition: ilContext.php:183

ilContext\getType
static getType()
Get context type.
Definition: ilContext.php:165

ilContext\usesHTTP
static usesHTTP()
Uses HTTP aka browser.
Definition: ilContext.php:117

ilDBConstants\FETCHMODE_OBJECT
const FETCHMODE_OBJECT
Definition: ilDBConstants.php:31

ilDBConstants\T_TEXT
const T_TEXT
Definition: ilDBConstants.php:58

ilDBConstants\T_INTEGER
const T_INTEGER
Definition: ilDBConstants.php:57

ilDBConstants\T_CLOB
const T_CLOB
Definition: ilDBConstants.php:53

ilSessionControl\$session_types_controlled
static array $session_types_controlled
Definition: class.ilSessionControl.php:54

ilSessionIStorage\destroySession
static destroySession($a_session_id)
Destroy session(s).
Definition: class.ilSessionIStorage.php:112

ilSessionStatistics\aggregateRaw
static aggregateRaw(int $a_now)
Definition: class.ilSessionStatistics.php:234

ilSession
Definition: class.ilSession.php:22

ilSession\_destroyByUserId
static _destroyByUserId(int $a_user_id)
Destroy session.
Definition: class.ilSession.php:286

ilSession\_exists
static _exists(string $a_session_id)
Definition: class.ilSession.php:205

ilSession\SESSION_CLOSE_SIMUL
const int SESSION_CLOSE_SIMUL
Definition: class.ilSession.php:34

ilSession\dumpToString
static dumpToString()
Definition: class.ilSession.php:411

ilSession\_duplicate
static _duplicate(string $a_session_id)
Duplicate session.
Definition: class.ilSession.php:328

ilSession\SESSION_CLOSE_LOGIN
const int SESSION_CLOSE_LOGIN
Definition: class.ilSession.php:30

ilSession\$closing_context
static int $closing_context
Definition: class.ilSession.php:37

ilSession\getClosingContext
static getClosingContext()
get closing context (for statistics)
Definition: class.ilSession.php:427

ilSession\isWebAccessWithoutSessionEnabled
static isWebAccessWithoutSessionEnabled()
Definition: class.ilSession.php:432

ilSession\getIdleValue
static getIdleValue()
Returns the idle time in seconds.
Definition: class.ilSession.php:366

ilSession\clear
static clear(string $a_var)
Definition: class.ilSession.php:404

ilSession\_destroyExpiredSessions
static _destroyExpiredSessions()
Destroy expired sessions.
Definition: class.ilSession.php:303

ilSession\$enable_web_access_without_session
static bool $enable_web_access_without_session
Definition: class.ilSession.php:39

ilSession\SESSION_CLOSE_PUBLIC
const int SESSION_CLOSE_PUBLIC
Definition: class.ilSession.php:31

ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:419

ilSession\SESSION_CLOSE_EXPIRE
const int SESSION_CLOSE_EXPIRE
Definition: class.ilSession.php:29

ilSession\_destroy
static _destroy($a_session_id, ?int $a_closing_context=null, $a_expired_at=null)
Destroy session.
Definition: class.ilSession.php:227

ilSession\SESSION_CLOSE_TIME
const int SESSION_CLOSE_TIME
Definition: class.ilSession.php:32

ilSession\SESSION_CLOSE_INACTIVE
const int SESSION_CLOSE_INACTIVE
Definition: class.ilSession.php:35

ilSession\SESSION_CLOSE_IP
const int SESSION_CLOSE_IP
Definition: class.ilSession.php:33

ilSession\getExpireValue
static getExpireValue()
Returns the expiration timestamp in seconds.
Definition: class.ilSession.php:358

ilSession\getSessionExpireValue
static getSessionExpireValue()
Returns the session expiration value.
Definition: class.ilSession.php:378

ilSession\enableWebAccessWithoutSession
static enableWebAccessWithoutSession(bool $enable_web_access_without_session)
Definition: class.ilSession.php:437

ilSession\SESSION_CLOSE_USER
const int SESSION_CLOSE_USER
Definition: class.ilSession.php:28

ilSession\_getData
static _getData(string $a_session_id)
Get session data from table.
Definition: class.ilSession.php:50

ilSession\has
static has($a_var)
Definition: class.ilSession.php:399

ilSession\lookupExpireTime
static lookupExpireTime(string $a_session_id)
Lookup expire time for a specific session.
Definition: class.ilSession.php:77

$res
$res
Definition: ltiservices.php:69

ILIAS\GlobalScreen\get
get(string $class_name)
Definition: SingletonTrait.php:33

ILIAS\Repository\int
int(string $key)
Definition: trait.BaseGUIRequest.php:61

$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26

$DIC
global $DIC
Definition: shib_login.php:26

$q
$q
Definition: shib_logout.php:25

$ilDB
$ilDB
Definition: storeScorm2004.php:30