‪TYPO3CMS  ‪main
TYPO3\CMS\Core\Session\UserSession Class Reference
Inheritance diagram for TYPO3\CMS\Core\Session\UserSession:

Public Member Functions

string getIdentifier ()
int getUserId ()
int getLastUpdated ()
 set (string $key, $value)
 hasData ()
 get (string $key)
array getData ()
 overrideData (array $data)
 dataWasUpdated ()
 isAnonymous ()
string getIpLock ()
 isNew ()
 isPermanent ()
 needsUpdate ()
string getJwt (?CookieScope $scope=null)
array toArray ()

Static Public Member Functions

static createFromRecord (string $id, array $record, bool $markAsNew=false)
static createNonFixated (string $identifier)
static non empty string null resolveIdentifierFromJwt (string $cookieValue, CookieScope $scope)

Protected Member Functions

 __construct (string $identifier, int $userId, int $lastUpdated, array $data=[])

Protected Attributes

string $identifier
int $userId
int $lastUpdated
array $data
bool $wasUpdated = false
string $ipLock = ''
bool $isNew = true
bool $isPermanent = false

Detailed Description

Represents all information about a user's session. A user session can be bound to a frontend / backend user, or an anonymous session based on session data stored in the session backend.

If a session is anonymous, it can be fixated by storing the session in the backend, but only if there is data in the session.

if a session is user-bound, it is automatically fixated.

The $isNew flag is meant to show that this user session object was not fetched from the session backend, but initialized in the first place by the current request.

The $data argument stores arbitrary data valid for the user's session.

A permanent session is not issued by a session-based cookie but a time-based cookie. The session might be persisted in the user's browser.

Definition at line 44 of file UserSession.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Session\UserSession::__construct ( string  $identifier,
int  $userId,
int  $lastUpdated,
array  $data = [] 

Member Function Documentation

◆ createFromRecord()

◆ createNonFixated()

◆ dataWasUpdated()

TYPO3\CMS\Core\Session\UserSession::dataWasUpdated ( )

Checks whether the session data has been updated

Definition at line 152 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$wasUpdated.

◆ get()

TYPO3\CMS\Core\Session\UserSession::get ( string  $key)

Returns the session data for the given $key or NULL if the key does not exist. It is internally used if calling AbstractUserAuthentication->getSessionData()

Definition at line 122 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSessionManager\createSessionFromStorage(), TYPO3\CMS\Core\Session\UserSessionManager\getSessionFromSessionId(), and TYPO3\CMS\Core\Session\UserSessionManager\regenerateSession().

◆ getData()

array TYPO3\CMS\Core\Session\UserSession::getData ( )
‪array the whole data array.

Definition at line 130 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$data.

◆ getIdentifier()

◆ getIpLock()

string TYPO3\CMS\Core\Session\UserSession::getIpLock ( )
‪string the ipLock state of the session

Definition at line 169 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$ipLock.

◆ getJwt()

string TYPO3\CMS\Core\Session\UserSession::getJwt ( ?CookieScope  $scope = null)

Gets session ID wrapped in JWT to be used for emitting a new cookie. Cookie: <JWT(HS256, [identifier => <session-id>], <signature(encryption-key, cookie-domain)>)>

‪string the session ID wrapped in JWT to be used for emitting a new cookie

Definition at line 205 of file UserSession.php.

References TYPO3\CMS\Core\Security\JwtTrait\encodeHashSignedJwt().

Referenced by TYPO3\CMS\Core\Http\SetCookieService\setSessionCookie().

◆ getLastUpdated()

int TYPO3\CMS\Core\Session\UserSession::getLastUpdated ( )
‪int the timestamp of the last session data update. This is the ses_tstamp.

Definition at line 84 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$lastUpdated.

Referenced by TYPO3\CMS\Core\Session\UserSessionManager\hasExpired(), and TYPO3\CMS\Core\Session\UserSessionManager\willExpire().

◆ getUserId()

int TYPO3\CMS\Core\Session\UserSession::getUserId ( )
‪?int the user ID the session belongs to. Can also return 0 or NULL Which indicates an anonymous session. This is the ses_userid.

Definition at line 76 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$userId.

◆ hasData()

TYPO3\CMS\Core\Session\UserSession::hasData ( )

Checks whether the session has data assigned

Definition at line 112 of file UserSession.php.

◆ isAnonymous()

TYPO3\CMS\Core\Session\UserSession::isAnonymous ( )

Checks if the user session is an anonymous one. This means, the session does not belong to a logged-in user

Definition at line 161 of file UserSession.php.

◆ isNew()

TYPO3\CMS\Core\Session\UserSession::isNew ( )

◆ isPermanent()

TYPO3\CMS\Core\Session\UserSession::isPermanent ( )

◆ needsUpdate()

TYPO3\CMS\Core\Session\UserSession::needsUpdate ( )

Checks whether the session has to be updated

Definition at line 193 of file UserSession.php.

References $GLOBALS, and TYPO3\CMS\Core\Session\UserSession\SESSION_UPDATE_GRACE_PERIOD.

Referenced by TYPO3\CMS\Core\Session\UserSessionManager\updateSessionTimestamp().

◆ overrideData()

TYPO3\CMS\Core\Session\UserSession::overrideData ( array  $data)

Overrides the whole data array. Can also be used to unset the array. This also sets the $wasUpdated pointer to true

Definition at line 139 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$data.

◆ resolveIdentifierFromJwt()

static non empty string null TYPO3\CMS\Core\Session\UserSession::resolveIdentifierFromJwt ( string  $cookieValue,
CookieScope  $scope 

Verifies and resolves the session ID from a submitted cookie value: Cookie: <JWT(HS256, [identifier => <session-id>], <signature(encryption-key, cookie-domain)>)>

string$cookieValue‪submitted cookie value
‪non-empty-string|null session ID, null in case verification failed

Definition at line 261 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$identifier, and TYPO3\CMS\Core\Security\JwtTrait\decodeJwt().

Referenced by TYPO3\CMS\Core\Tests\Unit\Session\UserSessionTest\createFromRecordTest(), and TYPO3\CMS\Core\Session\UserSessionManager\createFromRequestOrAnonymous().

◆ set()

TYPO3\CMS\Core\Session\UserSession::set ( string  $key,

Sets or updates session data value for a given $key. It is also internally used if calling AbstractUserAuthentication->setSessionData()

string$key‪The key whose value should be updated
mixed$value‪The value or NULL to unset the key

Definition at line 96 of file UserSession.php.

◆ toArray()

array TYPO3\CMS\Core\Session\UserSession::toArray ( )

Member Data Documentation

◆ $data

◆ $identifier

◆ $ipLock

string TYPO3\CMS\Core\Session\UserSession::$ipLock = ''

Definition at line 53 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSession\getIpLock().

◆ $isNew

bool TYPO3\CMS\Core\Session\UserSession::$isNew = true

Definition at line 54 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSession\isNew().

◆ $isPermanent

bool TYPO3\CMS\Core\Session\UserSession::$isPermanent = false

Definition at line 55 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSession\isPermanent().

◆ $lastUpdated

int TYPO3\CMS\Core\Session\UserSession::$lastUpdated

◆ $userId

int TYPO3\CMS\Core\Session\UserSession::$userId

◆ $wasUpdated

bool TYPO3\CMS\Core\Session\UserSession::$wasUpdated = false

Definition at line 52 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSession\dataWasUpdated().


const TYPO3\CMS\Core\Session\UserSession::SESSION_UPDATE_GRACE_PERIOD = 61

Definition at line 47 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSession\needsUpdate().