TYPO3 CMS  TYPO3_8-7
SessionManager.php
Go to the documentation of this file.
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Core\Session;
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 use TYPO3\CMS\Core\Authentication\AbstractUserAuthentication;
19 use TYPO3\CMS\Core\Session\Backend\SessionBackendInterface;
20 use TYPO3\CMS\Core\SingletonInterface;
21 use TYPO3\CMS\Core\Utility\GeneralUtility;
22 
35 class SessionManager implements SingletonInterface
36 {
40  protected $sessionBackends = [];
41 
49  public function getSessionBackend(string $identifier): SessionBackendInterface
50  {
51  if (!isset($this->sessionBackends[$identifier])) {
52  if (!isset($GLOBALS['TYPO3_CONF_VARS']['SYS']['session'][$identifier]) || !is_array($GLOBALS['TYPO3_CONF_VARS']['SYS']['session'][$identifier])) {
53  throw new \InvalidArgumentException('Session configuration for identifier ' . $identifier . ' was not found', 1482234750);
54  }
55  $configuration = $GLOBALS['TYPO3_CONF_VARS']['SYS']['session'][$identifier];
56 
57  $sessionBackend = $this->createSessionBackendFromConfiguration($identifier, $configuration);
58 
59  // Validates the session backend configuration and throws an exception if something's wrong
60  $sessionBackend->validateConfiguration();
61  $this->sessionBackends[$identifier] = $sessionBackend;
62  }
63  return $this->sessionBackends[$identifier];
64  }
65 
73  public function invalidateAllSessionsByUserId(SessionBackendInterface $backend, int $userId, AbstractUserAuthentication $userAuthentication = null)
74  {
75  $sessionToRenew = '';
76  // Prevent destroying the session of the current user session, but renew session id
77  if ($userAuthentication !== null && (int)$userAuthentication->user['uid'] === $userId) {
78  $sessionToRenew = $userAuthentication->getSessionId();
79  }
80 
81  foreach ($backend->getAll() as $session) {
82  if ($userAuthentication !== null && $session['ses_id'] === $sessionToRenew) {
83  $userAuthentication->enforceNewSessionId();
84  continue;
85  }
86  if ((int)$session['ses_userid'] === $userId) {
87  $backend->remove($session['ses_id']);
88  }
89  }
90  }
91 
100  protected function createSessionBackendFromConfiguration(string $identifier, array $configuration): SessionBackendInterface
101  {
102  $className = $configuration['backend'];
103 
104  if (!is_subclass_of($className, SessionBackendInterface::class)) {
105  throw new \InvalidArgumentException('Configured session backend ' . $className . ' does not implement ' . SessionBackendInterface::class, 1482235035);
106  }
107 
108  $options = $configuration['options'] ?? [];
109 
111  $backend = GeneralUtility::makeInstance($className);
112  $backend->initialize($identifier, $options);
113  return $backend;
114  }
115 }
TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance
static makeInstance($className,... $constructorArguments)
Definition: GeneralUtility.php:3945
$GLOBALS
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']
Definition: ext_localconf.php:38
TYPO3\CMS\Core\Session\SessionManager\invalidateAllSessionsByUserId
invalidateAllSessionsByUserId(SessionBackendInterface $backend, int $userId, AbstractUserAuthentication $userAuthentication=null)
Definition: SessionManager.php:73