[ Index ]

PHP Cross Reference of Unnamed Project

title

Body

[close]

/lib/classes/session/ -> manager.php (summary)

[Source view] [Print] [Project Stats]

Session manager class.

Copyright: 2013 Petr Skoda {@link http://skodak.org}
License: http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
File Size: 912 lines (33 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class

manager:: (23 methods):
  start()
  get_performance_info()
  load_handler()
  init_empty_session()
  prepare_cookies()
  initialise_user_session()
  add_session_record()
  check_security()
  login_user()
  terminate_current()
  write_close()
  session_exists()
  touch_session()
  kill_all_sessions()
  kill_session()
  kill_user_sessions()
  apply_concurrent_login_limit()
  set_user()
  gc()
  is_loggedinas()
  get_realuser()
  loginas()
  keepalive()


Class: manager  - X-Ref

Session manager, this is the public Moodle API for sessions.

Following PHP functions MUST NOT be used directly:
- session_start() - not necessary, lib/setup.php starts session automatically,
use define('NO_MOODLE_COOKIE', true) if session not necessary.
- session_write_close() - use \core\session\manager::write_close() instead.
- session_destroy() - use require_logout() instead.

start()   X-Ref
Start user session.

Note: This is intended to be called only from lib/setup.php!

get_performance_info()   X-Ref
Returns current page performance info.

return: array perf info

load_handler()   X-Ref
Create handler instance.


init_empty_session()   X-Ref
Empty current session, fill it with not-logged-in user info.

This is intended for installation scripts, unit tests and other
special areas. Do NOT use for logout and session termination
in normal requests!

prepare_cookies()   X-Ref
Make sure all cookie and session related stuff is configured properly before session start.


initialise_user_session($newsid)   X-Ref
Initialise $_SESSION, handles google access
and sets up not-logged-in user properly.

WARNING: $USER and $SESSION are set up later, do not use them yet!

param: bool $newsid is this a new session in first http request?

add_session_record($userid)   X-Ref
Insert new empty session record.

param: int $userid
return: \stdClass the new record

check_security()   X-Ref
Do various session security checks.

WARNING: $USER and $SESSION are set up later, do not use them yet!

login_user(\stdClass $user)   X-Ref
Login user, to be called from complete_user_login() only.

param: \stdClass $user

terminate_current()   X-Ref
Terminate current user session.

return: void

write_close()   X-Ref
No more changes in session expected.
Unblocks the sessions, other scripts may start executing in parallel.


session_exists($sid)   X-Ref
Does the PHP session with given id exist?

The session must exist both in session table and actual
session backend and the session must not be timed out.

Timeout evaluation is simplified, the auth hooks are not executed.

param: string $sid
return: bool

touch_session($sid)   X-Ref
Fake last access for given session, this prevents session timeout.

param: string $sid

kill_all_sessions()   X-Ref
Terminate all sessions unconditionally.


kill_session($sid)   X-Ref
Terminate give session unconditionally.

param: string $sid

kill_user_sessions($userid, $keepsid = null)   X-Ref
Terminate all sessions of given user unconditionally.

param: int $userid
param: string $keepsid keep this sid if present

apply_concurrent_login_limit($userid, $sid = null)   X-Ref
Terminate other sessions of current user depending
on $CFG->limitconcurrentlogins restriction.

This is expected to be called right after complete_user_login().

NOTE:
* Do not use from SSO auth plugins, this would not work.
* Do not use from web services because they do not have sessions.

param: int $userid
param: string $sid session id to be always keep, usually the current one
return: void

set_user(\stdClass $user)   X-Ref
Set current user.

param: \stdClass $user record

gc()   X-Ref
Periodic timed-out session cleanup.


is_loggedinas()   X-Ref
Is current $USER logged-in-as somebody else?

return: bool

get_realuser()   X-Ref
Returns the $USER object ignoring current login-as session

return: \stdClass user object

loginas($userid, \context $context)   X-Ref
Login as another user - no security checks here.

param: int $userid
param: \context $context
return: void

keepalive($identifier = 'sessionerroruser', $component = 'error', $frequency = null)   X-Ref
Add a JS session keepalive to the page.

A JS session keepalive script will be called to update the session modification time every $frequency seconds.

Upon failure, the specified error message will be shown to the user.

param: string $identifier The string identifier for the message to show on failure.
param: string $component The string component for the message to show on failure.
param: int $frequency The update frequency in seconds.


Generated: Thu Aug 11 10:00:09 2016 Cross-referenced by PHPXref 0.7.1