TYPO3 CMS  TYPO3_6-2
Public Member Functions | Private Member Functions | Private Attributes | List of all members
TYPO3\CMS\Install\Service\SessionService Class Reference
Inheritance diagram for TYPO3\CMS\Install\Service\SessionService:
TYPO3\CMS\Core\SingletonInterface tx_install_session

Public Member Functions

 __construct ()
 
 startSession ()
 
 destroySession ()
 
 resetSession ()
 
 hasSession ()
 
 getSessionId ()
 
 setAuthorized ()
 
 isAuthorized ()
 
 isExpired ()
 
 refreshSession ()
 
 addMessage (\TYPO3\CMS\Install\Status\StatusInterface $message)
 
 getMessagesAndFlush ()
 
 open ($savePath, $sessionName)
 
 close ()
 
 read ($id)
 
 write ($id, $sessionData)
 
 destroy ($id)
 
 gc ($maxLifeTime)
 
 __destruct ()
 

Private Member Functions

 getSessionSavePath ()
 
 ensureSessionSavePathExists ($sessionSavePath)
 
 renewSession ()
 
 getSessionHash ($sessionId='')
 
 getSessionFile ($id)
 

Private Attributes

 $typo3tempPath
 
 $sessionPath = 'InstallToolSessions/%s'
 
 $cookieName = 'Typo3InstallTool'
 
 $expireTimeInMinutes = 60
 
 $regenerateSessionIdTime = 5
 

Detailed Description

Secure session handling for the install tool.

Author
Ernesto Baschny ernst.nosp@m.@cro.nosp@m.n-it..nosp@m.de

Definition at line 25 of file SessionService.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Install\Service\SessionService::__construct ( )

Constructor. Starts PHP session handling in our own private store

Side-effect: might set a cookie, so must be called before any other output.

Definition at line 69 of file SessionService.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\getIndpEnv(), and TYPO3\CMS\Install\Service\SessionService\getSessionSavePath().

◆ __destruct()

TYPO3\CMS\Install\Service\SessionService::__destruct ( )

Writes the session data at the end, to overcome a PHP APC bug.

Writes the session data in a proper context that is not affected by the APC bug: http://pecl.php.net/bugs/bug.php?id=16721.

This behaviour was introduced in #17511, where self::write() made use of GeneralUtility which due to the APC bug throws a "Fatal error: Class 'GeneralUtility' not found" (and the session data is not saved). Calling session_write_close() at this point seems to be the most easy solution, according to PHP author.

Returns
void

Definition at line 442 of file SessionService.php.

Member Function Documentation

◆ addMessage()

TYPO3\CMS\Install\Service\SessionService::addMessage ( \TYPO3\CMS\Install\Status\StatusInterface  $message)

Add a message to "Flash" message storage.

Parameters
\TYPO3\CMS\Install\Status\StatusInterface$messageA message to add
Returns
void

Definition at line 304 of file SessionService.php.

◆ close()

TYPO3\CMS\Install\Service\SessionService::close ( )

Close function. See

Returns
boolean

Definition at line 358 of file SessionService.php.

◆ destroy()

TYPO3\CMS\Install\Service\SessionService::destroy (   $id)

Destroys one session. See

Parameters
string$idThe session id
Returns
string

Definition at line 404 of file SessionService.php.

References TYPO3\CMS\Install\Service\SessionService\getSessionFile().

◆ destroySession()

TYPO3\CMS\Install\Service\SessionService::destroySession ( )

Destroys a session

Definition at line 168 of file SessionService.php.

◆ ensureSessionSavePathExists()

TYPO3\CMS\Install\Service\SessionService::ensureSessionSavePathExists (   $sessionSavePath)
private

Create directories for the session save path and throw an exception if that fails.

Parameters
string$sessionSavePathThe absolute path to the session files
Exceptions

Definition at line 123 of file SessionService.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\mkdir_deep(), and TYPO3\CMS\Core\Utility\GeneralUtility\writeFile().

Referenced by TYPO3\CMS\Install\Service\SessionService\getSessionSavePath().

◆ gc()

TYPO3\CMS\Install\Service\SessionService::gc (   $maxLifeTime)

Garbage collect session info. See

Parameters
integer$maxLifeTimeThe setting of session.gc_maxlifetime
Returns
boolean

Definition at line 415 of file SessionService.php.

References TYPO3\CMS\Install\Service\SessionService\getSessionSavePath().

◆ getMessagesAndFlush()

TYPO3\CMS\Install\Service\SessionService::getMessagesAndFlush ( )

Return stored session messages and flush.

Returns
array<> Messages

Definition at line 316 of file SessionService.php.

◆ getSessionFile()

TYPO3\CMS\Install\Service\SessionService::getSessionFile (   $id)
private

Returns the file where to store our session data

Parameters
string$id
Returns
string A filename

Definition at line 337 of file SessionService.php.

References TYPO3\CMS\Install\Service\SessionService\getSessionHash(), and TYPO3\CMS\Install\Service\SessionService\getSessionSavePath().

Referenced by TYPO3\CMS\Install\Service\SessionService\destroy(), TYPO3\CMS\Install\Service\SessionService\read(), and TYPO3\CMS\Install\Service\SessionService\write().

◆ getSessionHash()

TYPO3\CMS\Install\Service\SessionService::getSessionHash (   $sessionId = '')
private

Returns a session hash, which can only be calculated by the server. Used to store our session files without exposing the session ID.

Parameters
string$sessionIdAn alternative session ID. Defaults to our current session ID
Exceptions

Definition at line 216 of file SessionService.php.

References $GLOBALS, and TYPO3\CMS\Install\Service\SessionService\getSessionId().

Referenced by TYPO3\CMS\Install\Service\SessionService\getSessionFile().

◆ getSessionId()

TYPO3\CMS\Install\Service\SessionService::getSessionId ( )

Returns the session ID of the running session.

Returns
string the session ID

Definition at line 204 of file SessionService.php.

Referenced by TYPO3\CMS\Install\Service\SessionService\getSessionHash().

◆ getSessionSavePath()

TYPO3\CMS\Install\Service\SessionService::getSessionSavePath ( )
private

Returns the path where to store our session files

Exceptions

Definition at line 101 of file SessionService.php.

References $GLOBALS, TYPO3\CMS\Install\Service\SessionService\ensureSessionSavePathExists(), and TYPO3\CMS\Core\Utility\GeneralUtility\hmac().

Referenced by TYPO3\CMS\Install\Service\SessionService\__construct(), TYPO3\CMS\Install\Service\SessionService\gc(), and TYPO3\CMS\Install\Service\SessionService\getSessionFile().

◆ hasSession()

TYPO3\CMS\Install\Service\SessionService::hasSession ( )

Checks whether we already have an active session.

Returns
boolean TRUE if there is an active session, FALSE otherwise

Definition at line 195 of file SessionService.php.

◆ isAuthorized()

TYPO3\CMS\Install\Service\SessionService::isAuthorized ( )

Check if we have an already authorized session

Returns
boolean TRUE if this session has been authorized before (by a correct password)

Definition at line 251 of file SessionService.php.

◆ isExpired()

TYPO3\CMS\Install\Service\SessionService::isExpired ( )

Check if our session is expired. Useful only right after a FALSE "isAuthorized" to see if this is the reason for not being authorized anymore.

Returns
boolean TRUE if an authorized session exists, but is expired

Definition at line 269 of file SessionService.php.

◆ open()

TYPO3\CMS\Install\Service\SessionService::open (   $savePath,
  $sessionName 
)

Open function. See

Parameters
string$savePath
string$sessionName
Returns
boolean

Definition at line 349 of file SessionService.php.

◆ read()

TYPO3\CMS\Install\Service\SessionService::read (   $id)

Read session data. See

Parameters
string$idThe session id
Returns
string

Definition at line 368 of file SessionService.php.

References TYPO3\CMS\Install\Service\SessionService\getSessionFile(), and TYPO3\CMS\Install\Service\SessionService\write().

◆ refreshSession()

TYPO3\CMS\Install\Service\SessionService::refreshSession ( )

Refreshes our session information, rising the expire time. Also generates a new session ID every 5 minutes to minimize the risk of session hijacking.

Returns
void

Definition at line 288 of file SessionService.php.

References TYPO3\CMS\Install\Service\SessionService\renewSession().

◆ renewSession()

TYPO3\CMS\Install\Service\SessionService::renewSession ( )
private

Generates a new session ID and sends it to the client.

Returns
string the new session ID

Definition at line 185 of file SessionService.php.

Referenced by TYPO3\CMS\Install\Service\SessionService\refreshSession(), TYPO3\CMS\Install\Service\SessionService\setAuthorized(), and TYPO3\CMS\Install\Service\SessionService\startSession().

◆ resetSession()

TYPO3\CMS\Install\Service\SessionService::resetSession ( )

Reset session. Sets _SESSION to empty array.

Definition at line 175 of file SessionService.php.

◆ setAuthorized()

TYPO3\CMS\Install\Service\SessionService::setAuthorized ( )

Marks this session as an "authorized" one (login successful). Should only be called if: a) we have a valid session running b) the "password" or some other authorization mechanism really matched

Returns
void

Definition at line 237 of file SessionService.php.

References TYPO3\CMS\Install\Service\SessionService\renewSession().

◆ startSession()

TYPO3\CMS\Install\Service\SessionService::startSession ( )

Starts a new session

Returns
string The session ID

Definition at line 159 of file SessionService.php.

References TYPO3\CMS\Install\Service\SessionService\renewSession().

◆ write()

TYPO3\CMS\Install\Service\SessionService::write (   $id,
  $sessionData 
)

Write session data. See

Parameters
string$idThe session id
string$sessionDataThe data to be stored
Exceptions
Exception
Returns
bool

Definition at line 386 of file SessionService.php.

References $result, TYPO3\CMS\Install\Service\SessionService\getSessionFile(), and TYPO3\CMS\Core\Utility\GeneralUtility\writeFile().

Referenced by TYPO3\CMS\Install\Service\SessionService\read().

Member Data Documentation

◆ $cookieName

TYPO3\CMS\Install\Service\SessionService::$cookieName = 'Typo3InstallTool'
private

Definition at line 48 of file SessionService.php.

◆ $expireTimeInMinutes

TYPO3\CMS\Install\Service\SessionService::$expireTimeInMinutes = 60
private

Definition at line 55 of file SessionService.php.

◆ $regenerateSessionIdTime

TYPO3\CMS\Install\Service\SessionService::$regenerateSessionIdTime = 5
private

Definition at line 62 of file SessionService.php.

◆ $sessionPath

TYPO3\CMS\Install\Service\SessionService::$sessionPath = 'InstallToolSessions/%s'
private

Definition at line 41 of file SessionService.php.

◆ $typo3tempPath

TYPO3\CMS\Install\Service\SessionService::$typo3tempPath
private

Definition at line 33 of file SessionService.php.