ILIAS  trunk Revision v11.0_alpha-2638-g80c1d007f79
class.ilSessionControl.php
1 <?php
2 
19 declare(strict_types=1);
20 
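// NOTE(review): declaration line restored. The listing skips source line 21,
// and the class name is taken from the file name class.ilSessionControl.php.
class ilSessionControl
{
    /**
     * Defaults for settings that have not been defined in setup or
     * administration yet.
     */
    public const int DEFAULT_MIN_IDLE = 15;
    public const int DEFAULT_ALLOW_CLIENT_MAINTENANCE = 1;

    /**
     * Setting names handed out by getSettingFields().
     *
     * @var list<string>
     */
    private static array $setting_fields = [
        'session_allow_client_maintenance',
    ];

    /**
     * Session types; handleLoginEvent() assigns exactly one of them to a session.
     */
    private const int SESSION_TYPE_UNKNOWN = 0;
    private const int SESSION_TYPE_SYSTEM = 1;
    private const int SESSION_TYPE_ADMIN = 2;
    private const int SESSION_TYPE_USER = 3;
    private const int SESSION_TYPE_ANONYM = 4;

    /** Session key under which handleLoginEvent() stores the session type. */
    private const string SESSION_TYPE_KEY = 'SessionType';

    /**
     * Session types that are subject to session control (regular and anonymous users).
     *
     * NOTE(review): this property is public, static and mutable, so any code
     * in the process can change which session types count as controlled.
     * Confirm whether external writers exist before tightening it.
     *
     * @var list<int>
     */
    public static array $session_types_controlled = [
        self::SESSION_TYPE_USER,
        self::SESSION_TYPE_ANONYM,
    ];

    /**
     * Session types that are exempt from session control.
     *
     * @var list<int>
     */
    private static array $session_types_not_controlled = [
        self::SESSION_TYPE_UNKNOWN,
        self::SESSION_TYPE_SYSTEM,
        self::SESSION_TYPE_ADMIN,
    ];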
64 
/**
 * Classifies the session of the account that just logged in and stores the
 * resulting type in the session under SESSION_TYPE_KEY.
 *
 * The first matching rule wins: SYSTEM when $_ENV['SHELL'] is set, ANONYM for
 * the anonymous account, ADMIN when checkAdministrationPermission() grants it,
 * USER otherwise.
 *
 * NOTE(review): the SYSTEM rule trusts the process environment. A web-serving
 * PHP process that has SHELL in $_ENV would type every login as SYSTEM, which
 * this class lists among the not-controlled session types. Confirm that the
 * deployment never populates $_ENV['SHELL'] for web requests.
 *
 * NOTE(review): the looked-up id is passed to an int-typed method under
 * strict_types. If ilObjUser::_lookupId() can return a non-int for an unknown
 * login, that call raises a TypeError. Verify against _lookupId().
 *
 * @param string        $a_login      login name, resolved through ilObjUser::_lookupId()
 * @param ilAuthSession $auth_session not read by this method
 * @return bool always true
 */
public static function handleLoginEvent(string $a_login, ilAuthSession $auth_session): bool
{
    $uid = ilObjUser::_lookupId($a_login);

    // The type feeds the session statistics, so it is recorded regardless of
    // the session handling type currently in use.
    $session_type = match (true) {
        isset($_ENV['SHELL']) => self::SESSION_TYPE_SYSTEM,
        $uid === ANONYMOUS_USER_ID => self::SESSION_TYPE_ANONYM,
        self::checkAdministrationPermission($uid) => self::SESSION_TYPE_ADMIN,
        default => self::SESSION_TYPE_USER,
    };

    ilSession::set(self::SESSION_TYPE_KEY, $session_type);
    self::debug(__METHOD__ . ' --> update sessions type to (' . $session_type . ')');

    return true;
}
94 
/**
 * Logout hook. The body does no work.
 *
 * NOTE(review): the description published for this method reads "reset
 * sessions type to unknown", yet nothing here touches SESSION_TYPE_KEY.
 * Confirm whether the reset now happens elsewhere or the description is stale.
 */
public static function handleLogoutEvent(): void
{
    // Nothing is read or written on logout.
    return;
}
101 
/**
 * Counts the rows in usr_session that have not expired yet and whose type is
 * one of the given session types.
 *
 * NOTE(review): how $ilDB->in() renders an empty $a_types list is not visible
 * here. Verify before calling with [].
 *
 * @param array $a_types session type values, rendered as integers by $ilDB->in()
 * @return int number of matching sessions
 */
public static function getExistingSessionCount(array $a_types): int
{
    global $DIC;

    $db = $DIC['ilDB'];
    $now = time();

    // Both inputs reach the statement typed: the timestamp through the %s
    // placeholder declared as 'integer', the type list through in().
    $type_filter = $db->in('type', $a_types, false, 'integer');
    $sql = 'SELECT count(session_id) AS num_sessions FROM usr_session WHERE expires > %s AND ' . $type_filter;

    $row = $db->queryF($sql, ['integer'], [$now])->fetchRow(ilDBConstants::FETCHMODE_OBJECT);

    return (int) $row->num_sessions;
}
120 
/**
 * Reports whether exactly one unexpired usr_session row exists for the given
 * session id.
 *
 * NOTE(review): every branch writes the raw session id to the auth debug log.
 * A live session id is a bearer credential, so anyone who can read that log
 * while debug logging is on can reuse it. Consider logging a truncated digest
 * instead.
 *
 * @param string $a_sid session id, bound as a 'text' parameter
 * @return bool true only when a single unexpired row matches
 */
private static function isValidSession(string $a_sid): bool
{
    global $DIC;

    $db = $DIC['ilDB'];
    $result = $db->queryF(
        'SELECT session_id, expires FROM usr_session WHERE session_id = %s',
        ['text'],
        [$a_sid],
    );

    $now = time();
    $live = 0;

    while ($row = $db->fetchAssoc($result)) {
        if ($row['expires'] > $now) {
            self::debug(__METHOD__ . ' --> Found a valid session with id (' . $a_sid . ')');
            ++$live;
            continue;
        }

        self::debug(__METHOD__ . ' --> Found an expired session with id (' . $a_sid . ')');
    }

    if ($live === 1) {
        self::debug(__METHOD__ . ' --> Exact one valid session found for session id (' . $a_sid . ')');

        return true;
    }

    // Zero rows and duplicate rows are both rejected; only the log line differs.
    $verdict = $live > 1
        ? ' --> Strange!!! More than one sessions found for given session id! ('
        : ' --> No valid session found for session id (';
    self::debug(__METHOD__ . $verdict . $a_sid . ')');

    return false;
}
159 
/**
 * Overwrites the cookie named by session_name() with the value 'deleted' and
 * logs that the cookie was removed.
 *
 * Only the client-side cookie is addressed here; no session record is touched.
 *
 * NOTE(review): the last two arguments are passed positionally as true.
 * Presumably the final one marks the cookie invalid so the browser drops it.
 * Confirm against ilUtil::setCookie().
 */
private static function removeSessionCookie(): void
{
    $cookie_name = session_name();

    ilUtil::setCookie($cookie_name, 'deleted', true, true);
    self::debug('Session cookie has been removed');
}
165 
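/**
 * Reports whether the user holds 'read,visible' access on the system folder,
 * which handleLoginEvent() uses to type a session as ADMIN.
 *
 * The listing skips source line 179, leaving the access check without its
 * target node. SYSTEM_FOLDER_ID is restored as the third argument.
 * NOTE(review): confirm against the repository copy of this file.
 *
 * @param int $a_user_id id of the user to check; 0 is answered with false
 * @return bool result of the RBAC access check
 */
private static function checkAdministrationPermission(int $a_user_id): bool
{
    // A zero id is rejected without consulting RBAC.
    if ($a_user_id === 0) {
        return false;
    }

    global $DIC;

    return $DIC['rbacsystem']->checkAccessOfUser(
        $a_user_id,
        'read,visible',
        SYSTEM_FOLDER_ID,
    );
}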
184 
/**
 * Forwards a message to the auth logger at debug level.
 *
 * @param string $a_debug_log_message text passed to the logger unchanged
 */
private static function debug(string $a_debug_log_message): void
{
    global $DIC;

    $DIC->logger()->auth()->debug($a_debug_log_message);
}
193 
/**
 * Returns the names of the settings kept in self::$setting_fields.
 *
 * @return array copy of the static list; changing it does not alter the class state
 */
public static function getSettingFields(): array
{
    $fields = self::$setting_fields;

    return $fields;
}
201 }