SessionService implements SingletonInterface uses BlockSerializationTrait

Secure session handling for the install tool.

Internal

This class is only meant to be used within EXT:install and is not part of the TYPO3 Core API.

Table of Contents

Interfaces

SingletonInterface
"empty" interface for singletons (marker interface pattern)

Methods

__construct()  : mixed
Constructor. Starts PHP session handling in our own private store
__wakeup()  : mixed
Deny object deserialization.
addMessage()  : mixed
Add a message to "Flash" message storage.
destroySession()  : mixed
Destroys a session
getBackendUserSession()  : array{userId: int, nonce: string, hmac: string}
getMessagesAndFlush()  : array<string|int, FlashMessage>
Return stored session messages and flush.
hasActiveBackendUserRoleAndSession()  : bool
Evaluates whether the backend user that initiated this admin tool session has an active role (is still admin & system maintainer) and has an active backend user interface session.
hasSessionCookie()  : bool
Checks whether the session cookie is set
initializeSession()  : mixed
isAuthorized()  : bool
Check if we have an already authorized session
isAuthorizedBackendUserSession()  : bool
Check if we have an authorized session from a system maintainer
isExpired()  : bool
Check if our session is expired.
refreshSession()  : mixed
Refreshes our session information, raising the expiration time.
resetSession()  : mixed
Reset session. Sets _SESSION to empty array.
setAuthorized()  : mixed
Marks this session as an "authorized" one (login successful).
setAuthorizedBackendSession()  : mixed
Marks this session as an "authorized by backend user" one.
startSession()  : string|false
Starts a new session
getBackendUserRecord()  : array<string, int>|null
Fetching a user record with uid=$uid.
getBackendUserSessionBackend()  : SessionBackendInterface
getIniValueBoolean()  : bool
Cast an on/off php ini value to boolean
isSessionAutoStartEnabled()  : bool
Check if php session.auto_start is enabled

Methods

__construct()

Constructor. Starts PHP session handling in our own private store

public __construct() : mixed

Side-effect: might set a cookie, so must be called before any other output.

__wakeup()

Deny object deserialization.

public __wakeup() : mixed

destroySession()

Destroys a session

public destroySession() : mixed

getBackendUserSession()

public getBackendUserSession() : array{userId: int, nonce: string, hmac: string}
Return values
array{userId: int, nonce: string, hmac: string}

backend user session references

getMessagesAndFlush()

Return stored session messages and flush.

public getMessagesAndFlush() : array<string|int, FlashMessage>
Return values
array<string|int, FlashMessage>

Messages

hasActiveBackendUserRoleAndSession()

Evaluates whether the backend user that initiated this admin tool session has an active role (is still admin & system maintainer) and has an active backend user interface session.

public hasActiveBackendUserRoleAndSession() : bool
Return values
bool

whether the backend user has an active role and backend user interface session

hasSessionCookie()

Checks whether the session cookie is set

public hasSessionCookie() : bool
Return values
bool

initializeSession()

public initializeSession() : mixed

isAuthorized()

Check if we have an already authorized session

public isAuthorized() : bool
Return values
bool

TRUE if this session has been authorized before (by a correct password)

isAuthorizedBackendUserSession()

Check if we have an authorized session from a system maintainer

public isAuthorizedBackendUserSession() : bool
Return values
bool

TRUE if this session has been authorized before and initialized by a backend system maintainer

isExpired()

Check if our session is expired.

public isExpired() : bool

Useful only right after a FALSE "isAuthorized" to see if this is the reason for not being authorized anymore.

Return values
bool

TRUE if an authorized session exists, but is expired

refreshSession()

Refreshes our session information, raising the expiration time.

public refreshSession() : mixed

Also generates a new session ID every 5 minutes to minimize the risk of session hijacking.
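
The following sketch is an added example, not the TYPO3 implementation: it shows how an expiry refresh and a periodic session ID rotation, as described for refreshSession() and isExpired(), can fit together. The class name, the `$_SESSION` key names and the 3600-second lifetime are assumptions; only the 5-minute rotation interval comes from this page.

```php
<?php
declare(strict_types=1);
// Added illustration, not TYPO3 code. Key names and LIFETIME are assumptions.
final class ExampleSessionGuard
{
    private const LIFETIME = 3600;     // assumed expiry window in seconds
    private const ROTATE_AFTER = 300;  // 5 minutes, as documented above

    public function start(): void
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start([
                'use_strict_mode' => true,     // refuse IDs the server did not issue
                'cookie_httponly' => true,     // keep the cookie away from scripts
                'cookie_samesite' => 'Strict', // do not send it on cross-site requests
            ]);
        }
    }

    public function setAuthorized(int $now): void
    {
        // New ID on privilege change, so a pre-login ID is worthless afterwards.
        session_regenerate_id(true);
        $_SESSION['authorized'] = true;
        $_SESSION['lastRotation'] = $now;
        $_SESSION['expires'] = $now + self::LIFETIME;
    }

    public function isExpired(int $now): bool
    {
        // TRUE only if an authorized session exists but its lifetime has run out.
        return ($_SESSION['authorized'] ?? false) === true
            && ($_SESSION['expires'] ?? 0) <= $now;
    }

    public function isAuthorized(int $now): bool
    {
        return ($_SESSION['authorized'] ?? false) === true
            && ($_SESSION['expires'] ?? 0) > $now;
    }

    public function refresh(int $now): void
    {
        if (!$this->isAuthorized($now)) { return; } // never revive an expired session
        $_SESSION['expires'] = $now + self::LIFETIME;
        if ($now - ($_SESSION['lastRotation'] ?? 0) >= self::ROTATE_AFTER) {
            // true deletes the old session data, so a captured ID stops working.
            session_regenerate_id(true);
            $_SESSION['lastRotation'] = $now;
        }
    }
}
```

Passing `$now` explicitly (for example `time()`) keeps the expiry and rotation logic deterministic, so both branches can be exercised without waiting on the clock.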

resetSession()

Reset session. Sets _SESSION to empty array.

public resetSession() : mixed

setAuthorized()

Marks this session as an "authorized" one (login successful).

public setAuthorized() : mixed

Should only be called if: a) we have a valid session running, and b) the "password" or some other authorization mechanism really matched.

setAuthorizedBackendSession()

Marks this session as an "authorized by backend user" one.

public setAuthorizedBackendSession(UserSession $userSession) : mixed

This is called by BackendModuleController from backend context.

Parameters
$userSession : UserSession

session of the current backend user

startSession()

Starts a new session

public startSession() : string|false
Return values
string|false

The session ID

getBackendUserRecord()

Fetching a user record with uid=$uid.

protected getBackendUserRecord(int $uid) : array<string, int>|null

Functionally similar to TYPO3\CMS\Core\Authentication\BackendUserAuthentication::setBeUserByUid().

Parameters
$uid : int

The UID of the backend user

Return values
array<string, int>|null

The backend user record or NULL

getIniValueBoolean()

Cast an on/off php ini value to boolean

protected getIniValueBoolean(string $configOption) : bool
Parameters
$configOption : string
Return values
bool

TRUE if the given option is enabled, FALSE if disabled

isSessionAutoStartEnabled()

Check if php session.auto_start is enabled

protected isSessionAutoStartEnabled() : bool
Return values
bool

TRUE if session.auto_start is enabled, FALSE if disabled


        