‪TYPO3CMS  ‪main
Public Member Functions | Static Public Member Functions | Protected Member Functions | Protected Attributes | List of all members
TYPO3\CMS\Core\Session\UserSession Class Reference
Inheritance diagram for TYPO3\CMS\Core\Session\UserSession:
TYPO3\CMS\Core\Security\JwtTrait

Public Member Functions

string getIdentifier ()
 
int getUserId ()
 
int getLastUpdated ()
 
 set (string $key, $value)
 
 hasData ()
 
 get (string $key)
 
array getData ()
 
 overrideData (array $data)
 
 dataWasUpdated ()
 
 isAnonymous ()
 
string getIpLock ()
 
 isNew ()
 
 isPermanent ()
 
 needsUpdate ()
 
string getJwt (?CookieScope $scope=null)
 
array toArray ()
 

Static Public Member Functions

static createFromRecord (string $id, array $record, bool $markAsNew=false)
 
static createNonFixated (string $identifier)
 
static non empty string null resolveIdentifierFromJwt (string $cookieValue, CookieScope $scope)
 

Protected Member Functions

 __construct (string $identifier, int $userId, int $lastUpdated, array $data=[])
 

Protected Attributes

const SESSION_UPDATE_GRACE_PERIOD = 61
 
string $identifier
 
int $userId
 
int $lastUpdated
 
array $data
 
bool $wasUpdated = false
 
string $ipLock = ''
 
bool $isNew = true
 
bool $isPermanent = false
 

Detailed Description

Represents all information about a user's session. A user session can be bound to a frontend / backend user, or an anonymous session based on session data stored in the session backend.

If a session is anonymous, it can be fixated by storing the session in the backend, but only if there is data in the session.

if a session is user-bound, it is automatically fixated.

The $isNew flag is meant to show that this user session object was not fetched from the session backend, but initialized in the first place by the current request.

The $data argument stores arbitrary data valid for the user's session.

A permanent session is not issued by a session-based cookie but a time-based cookie. The session might be persisted in the user's browser.

Definition at line 44 of file UserSession.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Session\UserSession::__construct ( string  $identifier,
int  $userId,
int  $lastUpdated,
array  $data = [] 
)
protected

Definition at line 57 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$data, TYPO3\CMS\Core\Session\UserSession\$identifier, TYPO3\CMS\Core\Session\UserSession\$lastUpdated, and TYPO3\CMS\Core\Session\UserSession\$userId.

Member Function Documentation

◆ createFromRecord()

static TYPO3\CMS\Core\Session\UserSession::createFromRecord ( string  $id,
array  $record,
bool  $markAsNew = false 
)
static

Creates a new user session based on the provided session record

Parameters
string$id‪the session identifier

Definition at line 223 of file UserSession.php.

References TYPO3\CMS\Webhooks\Message\$record.

Referenced by TYPO3\CMS\Frontend\Tests\Unit\Authentication\FrontendUserAuthenticationTest\canSetAndUnsetSessionKey(), TYPO3\CMS\Frontend\Tests\Unit\Authentication\FrontendUserAuthenticationTest\canSetSessionDataForAnonymousUser(), TYPO3\CMS\Core\Tests\Unit\Session\UserSessionTest\createFromRecordTest(), TYPO3\CMS\Core\Session\UserSessionManager\createSessionFromStorage(), TYPO3\CMS\Core\Session\UserSessionManager\elevateToFixatedUserSession(), TYPO3\CMS\Core\Tests\Unit\Session\UserSessionManagerTest\fixateAnonymousSessionWillUpdateSessionObject(), TYPO3\CMS\Core\Session\UserSessionManager\getSessionFromSessionId(), TYPO3\CMS\Core\Tests\Unit\Session\UserSessionManagerTest\hasExpiredIsCalculatedCorrectly(), TYPO3\CMS\Core\Session\UserSessionManager\recreateUserSession(), TYPO3\CMS\Core\Session\UserSessionManager\regenerateSession(), and TYPO3\CMS\Core\Tests\Unit\Session\UserSessionManagerTest\updateSessionWillSetLastUpdated().

◆ createNonFixated()

static TYPO3\CMS\Core\Session\UserSession::createNonFixated ( string  $identifier)
static

Creates a non fixated user session. This means the session does not belong to a logged-in user

Definition at line 243 of file UserSession.php.

References $GLOBALS, and TYPO3\CMS\Core\Session\UserSession\$identifier.

Referenced by TYPO3\CMS\Core\Tests\Unit\Authentication\AuthenticationServiceTest\authUserReturns0IfPasswordDoesNotMatch(), TYPO3\CMS\Core\Tests\Unit\Authentication\AuthenticationServiceTest\authUserReturns100IfSubmittedPasswordIsEmpty(), TYPO3\CMS\Core\Tests\Unit\Authentication\AuthenticationServiceTest\authUserReturns100IfUserSubmittedUsernameIsEmpty(), TYPO3\CMS\Core\Tests\Unit\Authentication\AuthenticationServiceTest\authUserReturns200IfPasswordMatch(), TYPO3\CMS\Core\Tests\Unit\Authentication\AuthenticationServiceTest\authUserThrowsExceptionIfPasswordInDbDoesNotResolveToAValidHash(), TYPO3\CMS\Core\Tests\Unit\Authentication\AuthenticationServiceTest\authUserThrowsExceptionIfUserTableIsNotSet(), TYPO3\CMS\Frontend\Tests\Unit\Authentication\FrontendUserAuthenticationTest\canSetAndUnsetSessionKey(), TYPO3\CMS\Frontend\Tests\Unit\Authentication\FrontendUserAuthenticationTest\canSetSessionDataForAnonymousUser(), TYPO3\CMS\Core\Session\UserSessionManager\createAnonymousSession(), TYPO3\CMS\Core\Tests\Unit\Session\UserSessionTest\createNonFixated(), and TYPO3\CMS\Core\Tests\Functional\Authentication\AbstractUserAuthenticationTest\setUp().

◆ dataWasUpdated()

TYPO3\CMS\Core\Session\UserSession::dataWasUpdated ( )

Checks whether the session data has been updated

Definition at line 152 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$wasUpdated.

◆ get()

TYPO3\CMS\Core\Session\UserSession::get ( string  $key)

Returns the session data for the given $key or NULL if the key does not exist. It is internally used if calling AbstractUserAuthentication->getSessionData()

Definition at line 122 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSessionManager\createSessionFromStorage(), TYPO3\CMS\Core\Session\UserSessionManager\getSessionFromSessionId(), and TYPO3\CMS\Core\Session\UserSessionManager\regenerateSession().

◆ getData()

array TYPO3\CMS\Core\Session\UserSession::getData ( )
Returns
‪array the whole data array.

Definition at line 130 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$data.

◆ getIdentifier()

string TYPO3\CMS\Core\Session\UserSession::getIdentifier ( )
Returns
‪string the session ID. This is the ses_id respectively the AbstractUserAuthentication->id

Definition at line 68 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$identifier.

Referenced by TYPO3\CMS\Core\Session\UserSessionManager\elevateToFixatedUserSession(), TYPO3\CMS\Core\Session\UserSessionManager\fixateAnonymousSession(), TYPO3\CMS\Core\Session\UserSessionManager\isSessionPersisted(), TYPO3\CMS\Core\Session\UserSessionManager\recreateUserSession(), TYPO3\CMS\Core\Session\UserSessionManager\removeSession(), TYPO3\CMS\Core\Http\SetCookieService\setSessionCookie(), TYPO3\CMS\Core\Session\UserSessionManager\updateSession(), and TYPO3\CMS\Core\Session\UserSessionManager\updateSessionTimestamp().

◆ getIpLock()

string TYPO3\CMS\Core\Session\UserSession::getIpLock ( )
Returns
‪string the ipLock state of the session

Definition at line 169 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$ipLock.

◆ getJwt()

string TYPO3\CMS\Core\Session\UserSession::getJwt ( ?CookieScope  $scope = null)

Gets session ID wrapped in JWT to be used for emitting a new cookie. Cookie: <JWT(HS256, [identifier => <session-id>], <signature(encryption-key, cookie-domain)>)>

Parameters
?CookieScope‪$scope
Returns
‪string the session ID wrapped in JWT to be used for emitting a new cookie

Definition at line 205 of file UserSession.php.

References TYPO3\CMS\Core\Security\JwtTrait\encodeHashSignedJwt().

Referenced by TYPO3\CMS\Core\Http\SetCookieService\setSessionCookie().

◆ getLastUpdated()

int TYPO3\CMS\Core\Session\UserSession::getLastUpdated ( )
Returns
‪int the timestamp of the last session data update. This is the ses_tstamp.

Definition at line 84 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$lastUpdated.

Referenced by TYPO3\CMS\Core\Session\UserSessionManager\hasExpired(), and TYPO3\CMS\Core\Session\UserSessionManager\willExpire().

◆ getUserId()

int TYPO3\CMS\Core\Session\UserSession::getUserId ( )
Returns
‪?int the user ID the session belongs to. Can also return 0 or NULL Which indicates an anonymous session. This is the ses_userid.

Definition at line 76 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$userId.

◆ hasData()

TYPO3\CMS\Core\Session\UserSession::hasData ( )

Checks whether the session has data assigned

Definition at line 112 of file UserSession.php.

◆ isAnonymous()

TYPO3\CMS\Core\Session\UserSession::isAnonymous ( )

Checks if the user session is an anonymous one. This means, the session does not belong to a logged-in user

Definition at line 161 of file UserSession.php.

◆ isNew()

TYPO3\CMS\Core\Session\UserSession::isNew ( )

Checks whether the session is marked as new

Definition at line 177 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$isNew.

Referenced by TYPO3\CMS\Core\Http\SetCookieService\isSetSessionCookie(), and TYPO3\CMS\Core\Session\UserSessionManager\recreateUserSession().

◆ isPermanent()

TYPO3\CMS\Core\Session\UserSession::isPermanent ( )

Checks whether the session was marked as permanent

Definition at line 185 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$isPermanent.

Referenced by TYPO3\CMS\Core\Http\SetCookieService\isRefreshTimeBasedCookie(), TYPO3\CMS\Core\Http\SetCookieService\isSetSessionCookie(), and TYPO3\CMS\Core\Session\UserSession\toArray().

◆ needsUpdate()

TYPO3\CMS\Core\Session\UserSession::needsUpdate ( )

Checks whether the session has to be updated

Definition at line 193 of file UserSession.php.

References $GLOBALS, and TYPO3\CMS\Core\Session\UserSession\SESSION_UPDATE_GRACE_PERIOD.

Referenced by TYPO3\CMS\Core\Session\UserSessionManager\updateSessionTimestamp().

◆ overrideData()

TYPO3\CMS\Core\Session\UserSession::overrideData ( array  $data)

Overrides the whole data array. Can also be used to unset the array. This also sets the $wasUpdated pointer to true

Definition at line 139 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$data.

◆ resolveIdentifierFromJwt()

static non empty string null TYPO3\CMS\Core\Session\UserSession::resolveIdentifierFromJwt ( string  $cookieValue,
CookieScope  $scope 
)
static

Verifies and resolves the session ID from a submitted cookie value: Cookie: <JWT(HS256, [identifier => <session-id>], <signature(encryption-key, cookie-domain)>)>

Parameters
string$cookieValue‪submitted cookie value
CookieScope$scope
Returns
‪non-empty-string|null session ID, null in case verification failed
Exceptions

Definition at line 261 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$identifier, and TYPO3\CMS\Core\Security\JwtTrait\decodeJwt().

Referenced by TYPO3\CMS\Core\Tests\Unit\Session\UserSessionTest\createFromRecordTest(), and TYPO3\CMS\Core\Session\UserSessionManager\createFromRequestOrAnonymous().

◆ set()

TYPO3\CMS\Core\Session\UserSession::set ( string  $key,
  $value 
)

Sets or updates session data value for a given $key. It is also internally used if calling AbstractUserAuthentication->setSessionData()

Parameters
string$key‪The key whose value should be updated
mixed$value‪The value or NULL to unset the key

Definition at line 96 of file UserSession.php.

◆ toArray()

array TYPO3\CMS\Core\Session\UserSession::toArray ( )

Used internally to store data in the backend

Returns
‪array The session record as array

Definition at line 293 of file UserSession.php.

References TYPO3\CMS\Core\Session\UserSession\$data, TYPO3\CMS\Core\Session\UserSession\$identifier, and TYPO3\CMS\Core\Session\UserSession\isPermanent().

Referenced by TYPO3\CMS\Core\Session\UserSessionManager\fixateAnonymousSession(), and TYPO3\CMS\Core\Session\UserSessionManager\updateSession().

Member Data Documentation

◆ $data

array TYPO3\CMS\Core\Session\UserSession::$data
protected

Definition at line 51 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSession\__construct(), TYPO3\CMS\Core\Session\UserSession\getData(), TYPO3\CMS\Core\Session\UserSession\overrideData(), and TYPO3\CMS\Core\Session\UserSession\toArray().

◆ $identifier

string TYPO3\CMS\Core\Session\UserSession::$identifier
protected

Definition at line 48 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSession\__construct(), TYPO3\CMS\Core\Session\UserSession\createNonFixated(), TYPO3\CMS\Core\Session\UserSession\getIdentifier(), TYPO3\CMS\Core\Session\UserSession\resolveIdentifierFromJwt(), and TYPO3\CMS\Core\Session\UserSession\toArray().

◆ $ipLock

string TYPO3\CMS\Core\Session\UserSession::$ipLock = ''
protected

Definition at line 53 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSession\getIpLock().

◆ $isNew

bool TYPO3\CMS\Core\Session\UserSession::$isNew = true
protected

Definition at line 54 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSession\isNew().

◆ $isPermanent

bool TYPO3\CMS\Core\Session\UserSession::$isPermanent = false
protected

Definition at line 55 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSession\isPermanent().

◆ $lastUpdated

int TYPO3\CMS\Core\Session\UserSession::$lastUpdated
protected

Definition at line 50 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSession\__construct(), and TYPO3\CMS\Core\Session\UserSession\getLastUpdated().

◆ $userId

int TYPO3\CMS\Core\Session\UserSession::$userId
protected

Definition at line 49 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSession\__construct(), and TYPO3\CMS\Core\Session\UserSession\getUserId().

◆ $wasUpdated

bool TYPO3\CMS\Core\Session\UserSession::$wasUpdated = false
protected

Definition at line 52 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSession\dataWasUpdated().

◆ SESSION_UPDATE_GRACE_PERIOD

const TYPO3\CMS\Core\Session\UserSession::SESSION_UPDATE_GRACE_PERIOD = 61
protected

Definition at line 47 of file UserSession.php.

Referenced by TYPO3\CMS\Core\Session\UserSession\needsUpdate().