ILIAS  trunk Revision v11.0_alpha-1702-gfd3ecb7f852
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilSession.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
26 class ilSession
27 {
33  public const SESSION_CLOSE_USER = 1; // manual logout
34  public const SESSION_CLOSE_EXPIRE = 2; // has expired
35  public const SESSION_CLOSE_LOGIN = 6; // anonymous => login
36  public const SESSION_CLOSE_PUBLIC = 7; // => anonymous
37  public const SESSION_CLOSE_TIME = 8; // account time limit reached
38  public const SESSION_CLOSE_IP = 9; // wrong ip
39  public const SESSION_CLOSE_SIMUL = 10; // simultaneous login
40  public const SESSION_CLOSE_INACTIVE = 11; // inactive account
41 
42  private static ?int $closing_context = null;
43 
44  protected static bool $enable_web_access_without_session = false;
45 
55  public static function _getData(string $a_session_id): string
56  {
57  if (!$a_session_id) {
58  // fix for php #70520
59  return '';
60  }
61  global $DIC;
62 
63  $ilDB = $DIC['ilDB'];
64 
65  $q = "SELECT data FROM usr_session WHERE session_id = " .
66  $ilDB->quote($a_session_id, "text");
67  $set = $ilDB->query($q);
68  $rec = $ilDB->fetchAssoc($set);
69  if (!is_array($rec)) {
70  return '';
71  }
72 
73  // fix for php #70520
74  return (string) $rec["data"];
75  }
76 
82  public static function lookupExpireTime(string $a_session_id): int
83  {
84  global $DIC;
85 
86  $ilDB = $DIC['ilDB'];
87 
88  $query = 'SELECT expires FROM usr_session WHERE session_id = ' .
89  $ilDB->quote($a_session_id, 'text');
90  $res = $ilDB->query($query);
91  if ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
92  return (int) $row->expires;
93  }
94  return 0;
95  }
96 
97  public static function _writeData(string $a_session_id, string $a_data): bool
98  {
99  global $DIC;
100 
102  $ilDB = $DIC['ilDB'];
104  $ilClientIniFile = $DIC['ilClientIniFile'];
105 
106  if (self::isWebAccessWithoutSessionEnabled()) {
107  // Prevent session data written for web access checker
108  // when no cookie was sent (e.g. for pdf files linking others).
109  // This would result in new session records for each request.
110  return true;
111  }
112 
113  if (!$a_session_id) {
114  return true;
115  }
116 
117  $now = time();
118 
119  // prepare session data
120  $fields = [
121  'user_id' => [ilDBConstants::T_INTEGER, (int) (self::get('_authsession_user_id') ?? 0)],
122  'expires' => [ilDBConstants::T_INTEGER, self::getExpireValue()],
123  'data' => [ilDBConstants::T_CLOB, $a_data],
124  'ctime' => [ilDBConstants::T_INTEGER, $now],
125  'type' => [ilDBConstants::T_INTEGER, (int) (self::get('SessionType') ?? 0)]
126  ];
127  if ($ilClientIniFile->readVariable('session', 'save_ip')) {
128  $fields['remote_addr'] = [ilDBConstants::T_TEXT, $_SERVER['REMOTE_ADDR'] ?? ''];
129  }
130 
131  if (self::_exists($a_session_id)) {
132  // note that we do this only when inserting the new record
133  // updating may get us other contexts for the same session, especially ilContextWAC, which we do not want
134  if (class_exists('ilContext') && ilContext::isSessionMainContext()) {
135  $fields['context'] = [ilDBConstants::T_TEXT, ilContext::getType()];
136  }
137  $ilDB->update(
138  'usr_session',
139  $fields,
140  ['session_id' => [ilDBConstants::T_TEXT, $a_session_id]]
141  );
142  } else {
143  $fields['session_id'] = [ilDBConstants::T_TEXT, $a_session_id];
144  $fields['createtime'] = [ilDBConstants::T_INTEGER, $now];
145 
146  // note that we do this only when inserting the new record
147  // updating may get us other contexts for the same session, especially ilContextWAC, which we do not want
148  if (class_exists('ilContext')) {
149  $fields['context'] = [ilDBConstants::T_TEXT, ilContext::getType()];
150  }
151 
152  $insert_fields = implode(', ', array_keys($fields));
153  $insert_values = implode(
154  ', ',
155  array_map(
156  static fn(string $type, $value): string => $ilDB->quote($value, $type),
157  array_column($fields, 0),
158  array_column($fields, 1)
159  )
160  );
161 
162  $update_fields = array_filter(
163  $fields,
164  static fn(string $field): bool => !in_array($field, ['session_id', 'user_id', 'createtime'], true),
165  ARRAY_FILTER_USE_KEY
166  );
167  $update_values = implode(
168  ', ',
169  array_map(
170  static fn(string $field, string $type, $value): string => $field . ' = ' . $ilDB->quote(
171  $value,
172  $type
173  ),
174  array_keys($update_fields),
175  array_column($update_fields, 0),
176  array_column($update_fields, 1)
177  )
178  );
179 
180  $ilDB->manipulate(
181  'INSERT INTO usr_session (' . $insert_fields . ') '
182  . 'VALUES (' . $insert_values . ') '
183  . 'ON DUPLICATE KEY UPDATE ' . $update_values
184  );
185 
186  // check type against session control
187  $type = (int) $fields['type'][1];
188  if (in_array($type, ilSessionControl::$session_types_controlled, true)) {
189  ilSessionStatistics::createRawEntry(
190  $fields['session_id'][1],
191  $type,
192  $fields['createtime'][1],
193  $fields['user_id'][1]
194  );
195  }
196  }
197 
198  if (!$DIC->cron()->manager()->isJobActive('auth_destroy_expired_sessions')) {
199  $r = new \Random\Randomizer();
200  if ($r->getInt(0, 50) === 2) {
201  // get time _before_ destroying expired sessions
202  self::_destroyExpiredSessions();
203  ilSessionStatistics::aggretateRaw($now);
204  }
205  }
206 
207  return true;
208  }
209 
210 
211 
218  public static function _exists(string $a_session_id): bool
219  {
220  if (!$a_session_id) {
221  return false;
222  }
223  global $DIC;
224 
225  $ilDB = $DIC['ilDB'];
226 
227  $q = "SELECT 1 FROM usr_session WHERE session_id = " . $ilDB->quote($a_session_id, "text");
228  $set = $ilDB->query($q);
229 
230  return $ilDB->numRows($set) > 0;
231  }
232 
240  public static function _destroy($a_session_id, ?int $a_closing_context = null, $a_expired_at = null): bool
241  {
242  global $DIC;
243 
244  $ilDB = $DIC['ilDB'];
245 
246  if (!$a_closing_context) {
247  $a_closing_context = self::$closing_context;
248  }
249 
250  ilSessionStatistics::closeRawEntry($a_session_id, $a_closing_context, $a_expired_at);
251 
252  if (!is_array($a_session_id)) {
253  $q = "DELETE FROM usr_session WHERE session_id = " .
254  $ilDB->quote($a_session_id, "text");
255  } else {
256  // array: id => timestamp - so we get rid of timestamps
257  if ($a_expired_at) {
258  $a_session_id = array_keys($a_session_id);
259  }
260  $q = "DELETE FROM usr_session WHERE " .
261  $ilDB->in("session_id", $a_session_id, false, "text");
262  }
263 
264  ilSessionIStorage::destroySession($a_session_id);
265 
266  $ilDB->manipulate($q);
267 
268  if (ilContext::usesHTTP()) {
269  try {
270  // only delete session cookie if it is set in the current request
271  if ($DIC->http()->wrapper()->cookie()->has(session_name()) &&
272  $DIC->http()->wrapper()->cookie()->retrieve(
273  session_name(),
274  $DIC->refinery()->kindlyTo()->string()
275  ) === $a_session_id) {
276  $cookieJar = $DIC->http()->cookieJar()->without(session_name());
277  $cookieJar->renderIntoResponseHeader($DIC->http()->response());
278  }
279  } catch (\Throwable $e) {
280  // ignore
281  // this is needed for "header already" sent errors when the random cleanup of expired sessions is triggered
282  }
283  }
284 
285  return true;
286  }
287 
293  public static function _destroyByUserId(int $a_user_id): bool
294  {
295  global $DIC;
296 
297  $ilDB = $DIC['ilDB'];
298 
299  $q = "DELETE FROM usr_session WHERE user_id = " .
300  $ilDB->quote($a_user_id, "integer");
301  $ilDB->manipulate($q);
302 
303  return true;
304  }
305 
310  public static function _destroyExpiredSessions(): int
311  {
312  global $DIC;
313 
314  $ilDB = $DIC['ilDB'];
315 
316  $q = 'SELECT session_id, expires FROM usr_session WHERE expires < ' . $ilDB->quote(time(), ilDBConstants::T_INTEGER);
317  $res = $ilDB->query($q);
318  $ids = [];
319  while ($row = $ilDB->fetchAssoc($res)) {
320  $ids[$row['session_id']] = (int) $row['expires'];
321  }
322  if ($ids !== []) {
323  self::_destroy($ids, self::SESSION_CLOSE_EXPIRE, true);
324  }
325 
326  return count($ids);
327  }
328 
335  public static function _duplicate(string $a_session_id): string
336  {
337  global $DIC;
338 
339  $ilDB = $DIC['ilDB'];
340 
341  // Create new session id
342  $new_session = $a_session_id;
343  do {
344  $new_session = md5($new_session);
345  $q = "SELECT * FROM usr_session WHERE " .
346  "session_id = " . $ilDB->quote($new_session, "text");
347  $res = $ilDB->query($q);
348  } while ($ilDB->fetchAssoc($res));
349 
350  $query = "SELECT * FROM usr_session " .
351  "WHERE session_id = " . $ilDB->quote($a_session_id, "text");
352  $res = $ilDB->query($query);
353 
354  if ($row = $ilDB->fetchObject($res)) {
355  self::_writeData($new_session, $row->data);
356  return $new_session;
357  }
358  //TODO check if throwing an excpetion might be a better choice
359  return "";
360  }
361 
365  public static function getExpireValue(): int
366  {
367  return time() + self::getIdleValue();
368  }
369 
373  public static function getIdleValue(): int
374  {
375  global $DIC;
376 
377  $ilClientIniFile = $DIC['ilClientIniFile'];
378 
379  return (int) $ilClientIniFile->readVariable('session', 'expire');
380  }
381 
385  public static function getSessionExpireValue(): int
386  {
387  return self::getIdleValue();
388  }
389 
393  public static function set(string $a_var, $a_val): void
394  {
395  $_SESSION[$a_var] = $a_val;
396  }
397 
401  public static function get(string $a_var)
402  {
403  return $_SESSION[$a_var] ?? null;
404  }
405 
406  public static function has($a_var): bool
407  {
408  return isset($_SESSION[$a_var]);
409  }
410 
414  public static function clear(string $a_var): void
415  {
416  if (isset($_SESSION[$a_var])) {
417  unset($_SESSION[$a_var]);
418  }
419  }
420 
421  public static function dumpToString(): string
422  {
423  return print_r($_SESSION, true);
424  }
425 
429  public static function setClosingContext(int $a_context): void
430  {
431  self::$closing_context = $a_context;
432  }
433 
437  public static function getClosingContext(): int
438  {
439  return self::$closing_context;
440  }
441 
442 
443 
447  public static function isWebAccessWithoutSessionEnabled(): bool
448  {
449  return self::$enable_web_access_without_session;
450  }
451 
455  public static function enableWebAccessWithoutSession(bool $enable_web_access_without_session): void
456  {
457  self::$enable_web_access_without_session = $enable_web_access_without_session;
458  }
459 }
$res
$res
Definition: ltiservices.php:66
ilSession\enableWebAccessWithoutSession
static enableWebAccessWithoutSession(bool $enable_web_access_without_session)
Definition: class.ilSession.php:455
ilSession\_duplicate
static _duplicate(string $a_session_id)
Duplicate session.
Definition: class.ilSession.php:335
ilSession\_destroyByUserId
static _destroyByUserId(int $a_user_id)
Destroy session.
Definition: class.ilSession.php:293
ilSession\dumpToString
static dumpToString()
Definition: class.ilSession.php:421
ilSessionStatistics\createRawEntry
static createRawEntry(string $a_session_id, int $a_session_type, int $a_timestamp, int $a_user_id)
Create raw data entry.
Definition: class.ilSessionStatistics.php:43
ilSession\_getData
static _getData(string $a_session_id)
Get session data from table.
Definition: class.ilSession.php:55
ilContext\usesHTTP
static usesHTTP()
Uses HTTP aka browser.
Definition: class.ilContext.php:117
ilSession\SESSION_CLOSE_INACTIVE
const SESSION_CLOSE_INACTIVE
Definition: class.ilSession.php:40
ilSession\_exists
static _exists(string $a_session_id)
Check whether session exists.
Definition: class.ilSession.php:218
array_map
ilSession\$enable_web_access_without_session
static bool $enable_web_access_without_session
Definition: class.ilSession.php:44
ilSession\SESSION_CLOSE_LOGIN
const SESSION_CLOSE_LOGIN
Definition: class.ilSession.php:35
ilSession\SESSION_CLOSE_TIME
const SESSION_CLOSE_TIME
Definition: class.ilSession.php:37
ilContext\isSessionMainContext
static isSessionMainContext()
Context that are not only temporary in a session (e.g.
Definition: class.ilContext.php:183
ilSession\lookupExpireTime
static lookupExpireTime(string $a_session_id)
Lookup expire time for a specific session.
Definition: class.ilSession.php:82
ilSession\getIdleValue
static getIdleValue()
Returns the idle time in seconds.
Definition: class.ilSession.php:373
ilSession\getExpireValue
static getExpireValue()
Returns the expiration timestamp in seconds.
Definition: class.ilSession.php:365
ilSession\_destroyExpiredSessions
static _destroyExpiredSessions()
Destroy expired sessions.
Definition: class.ilSession.php:310
ilSessionStatistics\aggretateRaw
static aggretateRaw(int $a_now)
Aggregate raw session data (older than given time)
Definition: class.ilSessionStatistics.php:254
ilSession\SESSION_CLOSE_EXPIRE
const SESSION_CLOSE_EXPIRE
Definition: class.ilSession.php:34
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ilSession\SESSION_CLOSE_USER
const SESSION_CLOSE_USER
Definition: class.ilSession.php:33
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26
ILIAS\GlobalScreen\get
get(string $class_name)
Definition: SingletonTrait.php:32
$DIC
global $DIC
Definition: shib_login.php:22
ilSessionStatistics\closeRawEntry
static closeRawEntry($a_session_id, ?int $a_context=null, $a_expired_at=null)
Close raw data entry.
Definition: class.ilSessionStatistics.php:76
ilSession\has
static has($a_var)
Definition: class.ilSession.php:406
ilSessionIStorage\destroySession
static destroySession($a_session_id)
Destroy session(s).
Definition: class.ilSessionIStorage.php:129
ilSession\isWebAccessWithoutSessionEnabled
static isWebAccessWithoutSessionEnabled()
Definition: class.ilSession.php:447
ilSession\SESSION_CLOSE_PUBLIC
const SESSION_CLOSE_PUBLIC
Definition: class.ilSession.php:36
ilSession\_destroy
static _destroy($a_session_id, ?int $a_closing_context=null, $a_expired_at=null)
Destroy session.
Definition: class.ilSession.php:240
ilSessionControl\$session_types_controlled
static array $session_types_controlled
Definition: class.ilSessionControl.php:59
ilSession\SESSION_CLOSE_SIMUL
const SESSION_CLOSE_SIMUL
Definition: class.ilSession.php:39
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:429
$q
$q
Definition: shib_logout.php:21
ilContext\getType
static getType()
Get context type.
Definition: class.ilContext.php:165
ilSession\getClosingContext
static getClosingContext()
get closing context (for statistics)
Definition: class.ilSession.php:437
ilSession\getSessionExpireValue
static getSessionExpireValue()
Returns the session expiration value.
Definition: class.ilSession.php:385
ilSession\clear
static clear(string $a_var)
Definition: class.ilSession.php:414
ilSession\SESSION_CLOSE_IP
const SESSION_CLOSE_IP
Definition: class.ilSession.php:38
ilSession\$closing_context
static int $closing_context
Definition: class.ilSession.php:42
$r
$r
Definition: shib_logout.php:140