SessionService implements SingletonInterface uses BlockSerializationTrait

Secure session handling for the install tool.

Internal

This class is only meant to be used within EXT:install and is not part of the TYPO3 Core API.

Table of Contents

Interfaces

SingletonInterface
"empty" interface for singletons (marker interface pattern)

Methods

__construct()  : mixed
Constructor. Starts PHP session handling in our own private store
__wakeup()  : mixed
Deny object deserialization.
addMessage()  : mixed
Add a message to "Flash" message storage.
destroySession()  : mixed
Destroys a session
getBackendUserSession()  : array{userId: int, nonce: string, hmac: string}
getMessagesAndFlush()  : array<string|int, FlashMessage>
Return stored session messages and flush.
hasActiveBackendUserRoleAndSession()  : bool
Evaluates whether the backend user that initiated this admin tool session, has an active role (is still admin & system maintainer) and has an active backend user interface session.
hasSessionCookie()  : bool
Checks whether is session cookie is set
initializeSession()  : mixed
isAuthorized()  : bool
Check if we have an already authorized session
isAuthorizedBackendUserSession()  : bool
Check if we have an authorized session from a system maintainer
isExpired()  : bool
Check if our session is expired.
refreshSession()  : mixed
Refreshes our session information, rising the expire time.
resetSession()  : mixed
Reset session. Sets _SESSION to empty array.
setAuthorized()  : mixed
Marks this session as an "authorized" one (login successful).
setAuthorizedBackendSession()  : mixed
Marks this session as an "authorized by backend user" one.
startSession()  : string|false
Starts a new session
getBackendUserRecord()  : array<string, int>|null
Fetching a user record with uid=$uid.
getBackendUserSessionBackend()  : SessionBackendInterface
getIniValueBoolean()  : bool
Cast an on/off php ini value to boolean
isSessionAutoStartEnabled()  : bool
Check if php session.auto_start is enabled

Methods

__construct()

Constructor. Starts PHP session handling in our own private store

public __construct() : mixed

Side-effect: might set a cookie, so must be called before any other output.

__wakeup()

Deny object deserialization.

public __wakeup() : mixed

destroySession()

Destroys a session

public destroySession(ServerRequestInterface|null $request) : mixed
Parameters
$request : ServerRequestInterface|null

getBackendUserSession()

public getBackendUserSession() : array{userId: int, nonce: string, hmac: string}
Return values
array{userId: int, nonce: string, hmac: string}

backend user session references

getMessagesAndFlush()

Return stored session messages and flush.

public getMessagesAndFlush() : array<string|int, FlashMessage>
Return values
array<string|int, FlashMessage>

Messages

hasActiveBackendUserRoleAndSession()

Evaluates whether the backend user that initiated this admin tool session, has an active role (is still admin & system maintainer) and has an active backend user interface session.

public hasActiveBackendUserRoleAndSession() : bool
Return values
bool

whether the backend user has an active role and backend user interface session

hasSessionCookie()

Checks whether is session cookie is set

public hasSessionCookie(ServerRequestInterface $request) : bool
Parameters
$request : ServerRequestInterface
Return values
bool

initializeSession()

public initializeSession() : mixed

isAuthorized()

Check if we have an already authorized session

public isAuthorized(ServerRequestInterface $request) : bool
Parameters
$request : ServerRequestInterface
Return values
bool

TRUE if this session has been authorized before (by a correct password)

isAuthorizedBackendUserSession()

Check if we have an authorized session from a system maintainer

public isAuthorizedBackendUserSession(ServerRequestInterface $request) : bool
Parameters
$request : ServerRequestInterface
Return values
bool

TRUE if this session has been authorized before and initialized by a backend system maintainer

isExpired()

Check if our session is expired.

public isExpired(ServerRequestInterface $request) : bool

Useful only right after a FALSE "isAuthorized" to see if this is the reason for not being authorized anymore.

Parameters
$request : ServerRequestInterface
Return values
bool

TRUE if an authorized session exists, but is expired

refreshSession()

Refreshes our session information, rising the expire time.

public refreshSession() : mixed

Also generates a new session ID every 5 minutes to minimize the risk of session hijacking.

resetSession()

Reset session. Sets _SESSION to empty array.

public resetSession() : mixed

setAuthorized()

Marks this session as an "authorized" one (login successful).

public setAuthorized() : mixed

Should only be called if: a) we have a valid session running b) the "password" or some other authorization mechanism really matched

setAuthorizedBackendSession()

Marks this session as an "authorized by backend user" one.

public setAuthorizedBackendSession(UserSession $userSession) : mixed

This is called by BackendModuleController from backend context.

Parameters
$userSession : UserSession

session of the current backend user

startSession()

Starts a new session

public startSession() : string|false
Return values
string|false

The session ID

getBackendUserRecord()

Fetching a user record with uid=$uid.

protected getBackendUserRecord(int $uid) : array<string, int>|null

Functionally similar to TYPO3\CMS\Core\Authentication\BackendUserAuthentication::setBeUserByUid().

Parameters
$uid : int

The UID of the backend user

Return values
array<string, int>|null

The backend user record or NULL

getIniValueBoolean()

Cast an on/off php ini value to boolean

protected getIniValueBoolean(string $configOption) : bool
Parameters
$configOption : string
Return values
bool

TRUE if the given option is enabled, FALSE if disabled

isSessionAutoStartEnabled()

Check if php session.auto_start is enabled

protected isSessionAutoStartEnabled() : bool
Return values
bool

TRUE if session.auto_start is enabled, FALSE if disabled


        

        
    




    

    

                            

            

                            
    

        On this page

        
    


            

                    

        

    

        

            
Search results