FusionDirectory
class_session.inc
1 <?php
2 /*
3  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
4  Copyright (C) 2003-2010 Cajus Pollmeier
5  Copyright (C) 2011-2019 FusionDirectory
6 
7  This program is free software; you can redistribute it and/or modify
8  it under the terms of the GNU General Public License as published by
9  the Free Software Foundation; either version 2 of the License, or
10  (at your option) any later version.
11 
12  This program is distributed in the hope that it will be useful,
13  but WITHOUT ANY WARRANTY; without even the implied warranty of
14  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  GNU General Public License for more details.
16 
17  You should have received a copy of the GNU General Public License
18  along with this program; if not, write to the Free Software
19  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
20 */
21 
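/**
 * This class contains all the functions needed to manage sessions.
 *
 * Every method is static and works on the $_SESSION superglobal of the
 * current request. The global_* methods are deprecated aliases of the
 * methods without the prefix.
 */
class session
{
  /**
   * Check whether a session variable is set.
   *
   * @param string $name key in $_SESSION
   *
   * @return bool result of isset(): FALSE when the key is missing or holds NULL
   */
  public static function is_set ($name)
  {
    return isset($_SESSION[$name]);
  }

  /**
   * Deprecated. Alias of is_set().
   */
  public static function global_is_set ($name)
  {
    return static::is_set($name);
  }

  /**
   * Store a value in the session.
   *
   * @param string $name  key in $_SESSION
   * @param mixed  $value value to store
   */
  public static function set ($name, $value)
  {
    $_SESSION[$name] = $value;
  }

  /**
   * Deprecated. Alias of set().
   */
  public static function global_set ($name, $value)
  {
    static::set($name, $value);
  }

  /**
   * Read a value from the session.
   *
   * @param string $name key in $_SESSION
   *
   * @return mixed the stored value, or NULL when the key is not set
   */
  public static function get ($name)
  {
    return $_SESSION[$name] ?? NULL;
  }

  /**
   * Deprecated. Alias of get().
   */
  public static function global_get ($name)
  {
    return static::get($name);
  }

  /**
   * Accessor of a session var by reference.
   *
   * Writes through the returned reference land in $_SESSION. Because the
   * element is returned by reference, PHP creates a missing key with the
   * value NULL instead of raising a notice.
   *
   * @param string $name key in $_SESSION
   */
  public static function &get_ref ($name)
  {
    return $_SESSION[$name];
  }

  /**
   * Alias of un_set().
   */
  public static function delete ($name)
  {
    return static::un_set($name);
  }

  /**
   * Deprecated. Alias of un_set().
   */
  public static function global_delete ($name)
  {
    return static::un_set($name);
  }

  /**
   * Unset a session variable.
   *
   * @param string $name key in $_SESSION; a missing key is ignored
   */
  public static function un_set ($name)
  {
    /* unset() on a missing key is a no-op, so no isset() guard is needed */
    unset($_SESSION[$name]);
  }

  /**
   * Deprecated. Alias of un_set().
   */
  public static function global_un_set ($name)
  {
    return static::un_set($name);
  }

  /**
   * Start a session.
   *
   * Configures the session cookie and lifetimes, starts the session, binds it
   * to the User-Agent header of the request and regenerates the ID of a
   * session that has not been marked as started yet.
   *
   * @param string|null $id session ID to use instead of the one sent by the
   *                        client; NULL leaves the ID selection to PHP
   */
  public static function start ($id = NULL)
  {
    session_name("FusionDirectory");
    /* Set cookie lifetime to one day (the parameter is in seconds).
     * Only the lifetime is set here: the Secure and SameSite attributes of the
     * cookie are whatever php.ini provides (session.cookie_secure,
     * session.cookie_samesite). */
    session_set_cookie_params(24 * 60 * 60);

    /* Set cache limiter to one day (parameter is minute !!) - default is 180 */
    session_cache_expire(60 * 24);

    /* Set session max lifetime, to prevent the garbage collector to delete session before timeout.
       !! The garbage collector is a cron job on debian systems, the cronjob will fetch the timeout from
       the php.ini, so if you use debian, you must hardcode session.gc_maxlifetime in your php.ini */
    ini_set("session.gc_maxlifetime", 24 * 60 * 60);

    /*
     * Set HttpOnly so that the session cookie is not readable from JavaScript,
     * which limits session theft through an XSS flaw
     */
    ini_set("session.cookie_httponly", "1");

    if ($id !== NULL) {
      session_id($id);
    }
    session_start();

    /* Fingerprint of the browser. md5 is kept so that sessions stored by
     * earlier requests still match; it is a compact identifier, not a secret.
     * The header is optional and client-controlled: a missing one is treated
     * as an empty string, and this check is no protection against a client
     * that replays the header together with the cookie. */
    $fingerprint = md5($_SERVER['HTTP_USER_AGENT'] ?? '');

    /* Check for changed browsers and bail out */
    if (isset($_SESSION['HTTP_USER_AGENT'])) {
      $stored = $_SESSION['HTTP_USER_AGENT'];
      /* hash_equals() instead of != : a loose comparison treats two different
       * digests of the form "0e<digits>" as equal numbers */
      if (!is_string($stored) || !hash_equals($stored, $fingerprint)) {
        session_destroy();
        session_name("FusionDirectory");
        session_start();
        /* Bind the replacement session to this browser right away */
        $_SESSION['HTTP_USER_AGENT'] = $fingerprint;
      }
    } else {
      $_SESSION['HTTP_USER_AGENT'] = $fingerprint;
    }

    /* Regenerate the ID of a session not yet marked as started, so that an ID
     * chosen by the client is not kept.
     * NOTE(review): called without the delete_old_session argument, so the data
     * stored under the previous ID stays until garbage collection - confirm
     * that this is intended. */
    if (!isset($_SESSION['started'])) {
      session_regenerate_id();
      $_SESSION['started'] = TRUE;
    }
  }

  /**
   * Destroy a session.
   *
   * Writes a 'security' log entry first: a logout entry when a user object is
   * available (global $ui or the 'ui' session variable), otherwise a session
   * entry when a reason was given. A failure to log never prevents the
   * session from being destroyed.
   *
   * @param string $reason free text copied into the log message
   */
  public static function destroy (string $reason = '')
  {
    global $ui;

    if (!isset($ui)) {
      $ui = static::get('ui');
    }

    try {
      if (isset($ui)) {
        logging::log(
          'security',
          'logout',
          $ui->uid,
          [],
          sprintf('Logged out (%s)', $reason)
        );
      } elseif (!empty($reason)) {
        logging::log(
          'security',
          'session',
          '',
          [],
          sprintf('Session destroyed (%s)', $reason)
        );
      }
    } catch (Exception $e) {
      /* Ignore exceptions here: logging is best effort. Only Exception is
       * caught, an Error raised while logging still propagates. */
    }
    /* @ hides the warning PHP emits when no session is active */
    @session_destroy();
  }
}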
This class contains all the functions needed to manage sessions.
static destroy(string $reason='')
Destroy a session.
static start($id=NULL)
Start a session.
static log(string $action, string $objecttype, string $object, array $changes=[], string $result='')
logging method
static & get_ref($name)
Accessor of a session var by reference.
static global_un_set($name)
Deprecated.
static global_set($name, $value)
Deprecated.
static un_set($name)
Unset a session.
static global_delete($name)
Deprecated.
static global_get($name)
Deprecated.
static global_is_set($name)
Deprecated.
static is_set($name)
Check if the name of the session is set.