‪TYPO3CMS  10.4
SessionManager.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
25 
39 {
43  protected ‪$sessionBackends = [];
44 
52  public function ‪getSessionBackend(string $identifier): ‪SessionBackendInterface
53  {
54  if (!isset($this->sessionBackends[$identifier])) {
55  $configuration = ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['session'][$identifier] ?? false;
56  if (!$configuration) {
57  throw new \InvalidArgumentException('Session configuration for identifier ' . $identifier . ' was not found', 1482234750);
58  }
59 
60  $sessionBackend = $this->‪createSessionBackendFromConfiguration($identifier, $configuration);
61 
62  // Validates the session backend configuration and throws an exception if something's wrong
63  $sessionBackend->validateConfiguration();
64  $this->sessionBackends[$identifier] = $sessionBackend;
65  }
66  return $this->sessionBackends[$identifier];
67  }
68 
76  public function ‪invalidateAllSessionsByUserId(‪SessionBackendInterface $backend, int $userId, ‪AbstractUserAuthentication $userAuthentication = null)
77  {
78  $sessionToRenew = '';
79  $hashedSessionToRenew = '';
80  // Prevent destroying the session of the current user session, but renew session id
81  if ($userAuthentication !== null && (int)$userAuthentication->user['uid'] === $userId) {
82  $sessionToRenew = $userAuthentication->getSessionId();
83  }
84  if ($sessionToRenew !== '' && $backend instanceof ‪HashableSessionBackendInterface) {
85  $hashedSessionToRenew = $backend->hash($sessionToRenew);
86  }
87 
88  foreach ($backend->‪getAll() as $session) {
89  if ($userAuthentication !== null) {
90  if ($session['ses_id'] === $sessionToRenew || $session['ses_id'] === $hashedSessionToRenew) {
91  $userAuthentication->enforceNewSessionId();
92  continue;
93  }
94  }
95  if ((int)$session['ses_userid'] === $userId) {
96  $backend->‪remove($session['ses_id']);
97  }
98  }
99  }
100 
109  protected function ‪createSessionBackendFromConfiguration(string $identifier, array $configuration): ‪SessionBackendInterface
110  {
111  $className = $configuration['backend'];
112 
113  if (!is_subclass_of($className, SessionBackendInterface::class)) {
114  throw new \InvalidArgumentException('Configured session backend ' . $className . ' does not implement ' . SessionBackendInterface::class, 1482235035);
115  }
116 
117  $options = $configuration['options'] ?? [];
118 
120  $backend = GeneralUtility::makeInstance($className);
121  $backend->‪initialize($identifier, $options);
122  return $backend;
123  }
124 }
‪TYPO3\CMS\Core\Session\SessionManager
Definition: SessionManager.php:39
‪TYPO3\CMS\Core\Session\Backend\HashableSessionBackendInterface
Definition: HashableSessionBackendInterface.php:21
‪TYPO3\CMS\Core\Session
‪TYPO3\CMS\Core\Session\Backend\SessionBackendInterface
Definition: SessionBackendInterface.php:28
‪TYPO3\CMS\Core\Session\SessionManager\getSessionBackend
‪SessionBackendInterface getSessionBackend(string $identifier)
Definition: SessionManager.php:51
‪TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\remove
‪bool remove(string $sessionId)
‪TYPO3\CMS\Core\Session\SessionManager\createSessionBackendFromConfiguration
‪SessionBackendInterface createSessionBackendFromConfiguration(string $identifier, array $configuration)
Definition: SessionManager.php:108
‪TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\initialize
‪initialize(string $identifier, array $configuration)
‪TYPO3\CMS\Core\Session\SessionManager\$sessionBackends
‪SessionBackendInterface[] $sessionBackends
Definition: SessionManager.php:42
‪TYPO3\CMS\Core\SingletonInterface
Definition: SingletonInterface.php:23
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:5
‪TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\getAll
‪array getAll()
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:46
‪TYPO3\CMS\Core\Session\SessionManager\invalidateAllSessionsByUserId
‪invalidateAllSessionsByUserId(SessionBackendInterface $backend, int $userId, AbstractUserAuthentication $userAuthentication=null)
Definition: SessionManager.php:75
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication
Definition: AbstractUserAuthentication.php:51