SessionService implements SingletonInterface uses BlockSerializationTrait
Secure session handling for the install tool.
This class is only meant to be used within EXT:install and is not part of the TYPO3 Core API.
Table of Contents
Interfaces
- SingletonInterface
- "empty" interface for singletons (marker interface pattern)
Methods
- __construct() : mixed
- __wakeup() : mixed
- Deny object deserialization.
- addMessage() : mixed
- Add a message to "Flash" message storage.
- destroySession() : mixed
- Destroys a session
- getBackendUserSession() : array{userId: int, nonce: string, hmac: string}
- getMessagesAndFlush() : array<string|int, FlashMessage>
- Return stored session messages and flush.
- hasActiveBackendUserRoleAndSession() : bool
- Evaluates whether the backend user that initiated this admin tool session, has an active role (is still admin & system maintainer) and has an active backend user interface session.
- hasSessionCookie() : bool
- Checks whether is session cookie is set
- initializeSession() : mixed
- installSessionHandler() : void
- isAuthorized() : bool
- Check if we have an already authorized session
- isAuthorizedBackendUserSession() : bool
- Check if we have an authorized session from a system maintainer
- isExpired() : bool
- Check if our session is expired.
- refreshSession() : mixed
- Refreshes our session information, rising the expire time.
- resetSession() : mixed
- Reset session. Sets _SESSION to empty array.
- setAuthorized() : mixed
- Marks this session as an "authorized" one (login successful).
- setAuthorizedBackendSession() : mixed
- Marks this session as an "authorized by backend user" one.
- startSession() : string|false
- Starts a new session
- getBackendUserRecord() : array<string, int>|null
- Fetching a user record with uid=$uid.
- getBackendUserSessionBackend() : SessionBackendInterface
- getIniValueBoolean() : bool
- Cast an on/off php ini value to boolean
- isSessionAutoStartEnabled() : bool
- Check if php session.auto_start is enabled
Methods
__construct()
public
__construct(HashService $hashService) : mixed
Parameters
- $hashService : HashService
__wakeup()
Deny object deserialization.
public
__wakeup() : mixed
addMessage()
Add a message to "Flash" message storage.
public
addMessage(FlashMessage $message) : mixed
Parameters
- $message : FlashMessage
-
A message to add
destroySession()
Destroys a session
public
destroySession(ServerRequestInterface|null $request) : mixed
Parameters
- $request : ServerRequestInterface|null
getBackendUserSession()
public
getBackendUserSession() : array{userId: int, nonce: string, hmac: string}
Return values
array{userId: int, nonce: string, hmac: string} —backend user session references
getMessagesAndFlush()
Return stored session messages and flush.
public
getMessagesAndFlush() : array<string|int, FlashMessage>
Return values
array<string|int, FlashMessage> —Messages
hasActiveBackendUserRoleAndSession()
Evaluates whether the backend user that initiated this admin tool session, has an active role (is still admin & system maintainer) and has an active backend user interface session.
public
hasActiveBackendUserRoleAndSession() : bool
Return values
bool —whether the backend user has an active role and backend user interface session
hasSessionCookie()
Checks whether is session cookie is set
public
hasSessionCookie(ServerRequestInterface $request) : bool
Parameters
- $request : ServerRequestInterface
Return values
boolinitializeSession()
public
initializeSession() : mixed
installSessionHandler()
public
installSessionHandler() : void
isAuthorized()
Check if we have an already authorized session
public
isAuthorized(ServerRequestInterface $request) : bool
Parameters
- $request : ServerRequestInterface
Return values
bool —TRUE if this session has been authorized before (by a correct password)
isAuthorizedBackendUserSession()
Check if we have an authorized session from a system maintainer
public
isAuthorizedBackendUserSession(ServerRequestInterface $request) : bool
Parameters
- $request : ServerRequestInterface
Return values
bool —TRUE if this session has been authorized before and initialized by a backend system maintainer
isExpired()
Check if our session is expired.
public
isExpired(ServerRequestInterface $request) : bool
Useful only right after a FALSE "isAuthorized" to see if this is the reason for not being authorized anymore.
Parameters
- $request : ServerRequestInterface
Return values
bool —TRUE if an authorized session exists, but is expired
refreshSession()
Refreshes our session information, rising the expire time.
public
refreshSession() : mixed
Also generates a new session ID every 5 minutes to minimize the risk of session hijacking.
resetSession()
Reset session. Sets _SESSION to empty array.
public
resetSession() : mixed
setAuthorized()
Marks this session as an "authorized" one (login successful).
public
setAuthorized() : mixed
Should only be called if: a) we have a valid session running b) the "password" or some other authorization mechanism really matched
setAuthorizedBackendSession()
Marks this session as an "authorized by backend user" one.
public
setAuthorizedBackendSession(UserSession $userSession) : mixed
This is called by BackendModuleController from backend context.
Parameters
- $userSession : UserSession
-
session of the current backend user
startSession()
Starts a new session
public
startSession() : string|false
Return values
string|false —The session ID
getBackendUserRecord()
Fetching a user record with uid=$uid.
protected
getBackendUserRecord(int $uid) : array<string, int>|null
Functionally similar to TYPO3\CMS\Core\Authentication\BackendUserAuthentication::setBeUserByUid().
Parameters
- $uid : int
-
The UID of the backend user
Return values
array<string, int>|null —The backend user record or NULL
getBackendUserSessionBackend()
protected
getBackendUserSessionBackend() : SessionBackendInterface
Return values
SessionBackendInterfacegetIniValueBoolean()
Cast an on/off php ini value to boolean
protected
getIniValueBoolean(string $configOption) : bool
Parameters
- $configOption : string
Return values
bool —TRUE if the given option is enabled, FALSE if disabled
isSessionAutoStartEnabled()
Check if php session.auto_start is enabled
protected
isSessionAutoStartEnabled() : bool
Return values
bool —TRUE if session.auto_start is enabled, FALSE if disabled