\CodeIgniter\Session\HandlersDatabaseHandler

Session handler using current Database for storage

Summary

Methods

Properties

Constants

__construct()
setLogger()
open()
read()
write()
close()
destroy()
gc()

No public properties found

No constants found

destroyCookie()
lockSession()
releaseLock()
fail()

$fingerprint
$lock
$cookiePrefix
$cookieDomain
$cookiePath
$cookieSecure
$cookieName
$matchIP
$sessionID
$savePath
$ipAddress
$logger
$DBGroup
$table
$db
$platform
$rowExists

N/A

No private methods found

No private properties found

N/A

File: src/System/Session/Handlers/DatabaseHandler.php
Package: CodeIgniter
Class hierarchy: \CodeIgniter\Session\Handlers\BaseHandler

\CodeIgniter\Session\Handlers\DatabaseHandler
Implements

Properties

$fingerprint

$fingerprint : boolean

The Data fingerprint.

Type

boolean

$lock

$lock : mixed

Lock placeholder.

Type

mixed

$cookiePrefix

$cookiePrefix : string

Cookie prefix

Type

string

$cookieDomain

$cookieDomain : string

Cookie domain

Type

string

$cookiePath

$cookiePath : string

Cookie path

Type

string

$cookieSecure

$cookieSecure : boolean

Cookie secure?

Type

boolean

$cookieName

$cookieName : string

Cookie name to use

Type

string

$matchIP

$matchIP : boolean

Match IP addresses for cookies?

Type

boolean

$sessionID

$sessionID : string

Current session ID

Type

string

$savePath

$savePath : string

The 'save path' for the session varies between

Type

string

$ipAddress

$ipAddress : string

User's IP address.

Type

string

$logger

$logger : \Psr\Log\LoggerInterface

Type

\Psr\Log\LoggerInterface

$DBGroup

$DBGroup : string

The database group to use for storage.

Type

string

$table

$table : string

The name of the table to store session info.

Type

string

$db

$db : \CodeIgniter\Database\BaseConnection

The DB Connection instance.

Type

\CodeIgniter\Database\BaseConnection

$platform

$platform : string

The database type, for locking purposes.

Type

string

$rowExists

$rowExists : boolean

Row exists flag

Type

boolean

Methods

__construct()

__construct(\CodeIgniter\Config\BaseConfig  $config, string  $ipAddress)

Constructor

Parameters

\CodeIgniter\Config\BaseConfig	$config
string	$ipAddress

setLogger()

setLogger(\Psr\Log\LoggerInterface  $logger)

Sets a logger.

Parameters

\Psr\Log\LoggerInterface

$logger

open()

open(string  $savePath, string  $name) : boolean

Open

Ensures we have an initialized database connection.

Parameters

string	$savePath	Path to session files' directory
string	$name	Session cookie name

Throws

\Exception

Returns

boolean

read()

read(string  $sessionID) : string

Read

Reads session data and acquires a lock

Parameters

string

$sessionID

Session ID

Returns

string —

Serialized session data

write()

write(string  $sessionID, string  $sessionData) : boolean

Write

Writes (create / update) session data

Parameters

string	$sessionID	Session ID
string	$sessionData	Serialized session data

Returns

boolean

close()

close() : boolean

Close

Releases locks and closes file descriptor.

Returns

boolean

destroy()

destroy(string  $sessionID) : boolean

Destroy

Destroys the current session.

Parameters

string

$sessionID

Returns

boolean

gc()

gc(integer  $maxlifetime) : boolean

Garbage Collector

Deletes expired sessions

Parameters

integer

$maxlifetime

Maximum lifetime of sessions

Returns

boolean

destroyCookie()

destroyCookie() : boolean

Internal method to force removal of a cookie by the client when session_destroy() is called.

Returns

boolean

lockSession()

lockSession(string  $sessionID) : boolean

Lock the session.

Parameters

string

$sessionID

Returns

boolean

releaseLock()

releaseLock() : boolean

Releases the lock, if any.

Returns

boolean

fail()

fail() : boolean

Fail

Drivers other than the 'files' one don't (need to) use the session.save_path INI setting, but that leads to confusing error messages emitted by PHP when open() or write() fail, as the message contains session.save_path ... To work around the problem, the drivers will call this method so that the INI is set just in time for the error message to be properly generated.

Returns

boolean

<?php

/**
 * CodeIgniter
 *
 * An open source application development framework for PHP
 *
 * This content is released under the MIT License (MIT)
 *
 * Copyright (c) 2014-2019 British Columbia Institute of Technology
 * Copyright (c) 2019 CodeIgniter Foundation
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * @package    CodeIgniter
 * @author     CodeIgniter Dev Team
 * @copyright  2019 CodeIgniter Foundation
 * @license    https://opensource.org/licenses/MIT	MIT License
 * @link       https://codeigniter.com
 * @since      Version 4.0.0
 * @filesource
 */

namespace CodeIgniter\Session\Handlers;

use CodeIgniter\Session\Exceptions\SessionException;
use CodeIgniter\Config\BaseConfig;
use CodeIgniter\Database\BaseConnection;
use Config\Database;

/**
 * Session handler using current Database for storage
 */
class DatabaseHandler extends BaseHandler implements \SessionHandlerInterface
{

	/**
	 * The database group to use for storage.
	 *
	 * @var string
	 */
	protected $DBGroup;

	/**
	 * The name of the table to store session info.
	 *
	 * @var string
	 */
	protected $table;

	/**
	 * The DB Connection instance.
	 *
	 * @var BaseConnection
	 */
	protected $db;

	/**
	 * The database type, for locking purposes.
	 *
	 * @var string
	 */
	protected $platform;

	/**
	 * Row exists flag
	 *
	 * @var boolean
	 */
	protected $rowExists = false;

	//--------------------------------------------------------------------

	/**
	 * Constructor
	 *
	 * @param BaseConfig $config
	 * @param string     $ipAddress
	 */
	public function __construct(BaseConfig $config, string $ipAddress)
	{
		parent::__construct($config, $ipAddress);

		// Determine Table
		$this->table = $config->sessionSavePath;

		if (empty($this->table))
		{
			throw SessionException::forMissingDatabaseTable();
		}

		// Get DB Connection
		$this->DBGroup = $config->sessionDBGroup ?? config(Database::class)->defaultGroup;

		$this->db = Database::connect($this->DBGroup);

		// Determine Database type
		$driver = strtolower(get_class($this->db));
		if (strpos($driver, 'mysql') !== false)
		{
			$this->platform = 'mysql';
		}
		elseif (strpos($driver, 'postgre') !== false)
		{
			$this->platform = 'postgre';
		}
	}

	//--------------------------------------------------------------------

	/**
	 * Open
	 *
	 * Ensures we have an initialized database connection.
	 *
	 * @param string $savePath Path to session files' directory
	 * @param string $name     Session cookie name
	 *
	 * @return boolean
	 * @throws \Exception
	 */
	public function open($savePath, $name): bool
	{
		if (empty($this->db->connID))
		{
			$this->db->initialize();
		}

		return true;
	}

	//--------------------------------------------------------------------

	/**
	 * Read
	 *
	 * Reads session data and acquires a lock
	 *
	 * @param string $sessionID Session ID
	 *
	 * @return string    Serialized session data
	 */
	public function read($sessionID): string
	{
		if ($this->lockSession($sessionID) === false)
		{
			$this->fingerprint = md5('');
			return '';
		}

		// Needed by write() to detect session_regenerate_id() calls
		if (is_null($this->sessionID))
		{
			$this->sessionID = $sessionID;
		}

		$builder = $this->db->table($this->table)
				->select('data')
				->where('id', $sessionID);

		if ($this->matchIP)
		{
			$builder = $builder->where('ip_address', $this->ipAddress);
		}

		$result = $builder->get()->getRow();

		if ($result === null)
		{
			// PHP7 will reuse the same SessionHandler object after
			// ID regeneration, so we need to explicitly set this to
			// FALSE instead of relying on the default ...
			$this->rowExists   = false;
			$this->fingerprint = md5('');

			return '';
		}

		// PostgreSQL's variant of a BLOB datatype is Bytea, which is a
		// PITA to work with, so we use base64-encoded data in a TEXT
		// field instead.
		if (is_bool($result))
		{
			$result = '';
		}
		else
		{
			$result = ($this->platform === 'postgre') ? base64_decode(rtrim($result->data)) : $result->data;
		}

		$this->fingerprint = md5($result);
		$this->rowExists   = true;

		return $result;
	}

	//--------------------------------------------------------------------

	/**
	 * Write
	 *
	 * Writes (create / update) session data
	 *
	 * @param string $sessionID   Session ID
	 * @param string $sessionData Serialized session data
	 *
	 * @return boolean
	 */
	public function write($sessionID, $sessionData): bool
	{
		if ($this->lock === false)
		{
			return $this->fail();
		}

		// Was the ID regenerated?
		elseif ($sessionID !== $this->sessionID)
		{
			$this->rowExists = false;
			$this->sessionID = $sessionID;
		}

		if ($this->rowExists === false)
		{
			$insertData = [
				'id'         => $sessionID,
				'ip_address' => $this->ipAddress,
				'timestamp'  => time(),
				'data'       => $this->platform === 'postgre' ? base64_encode($sessionData) : $sessionData,
			];

			if (! $this->db->table($this->table)->insert($insertData))
			{
				return $this->fail();
			}

			$this->fingerprint = md5($sessionData);
			$this->rowExists   = true;

			return true;
		}

		$builder = $this->db->table($this->table)->where('id', $sessionID);

		if ($this->matchIP)
		{
			$builder = $builder->where('ip_address', $this->ipAddress);
		}

		$updateData = [
			'timestamp' => time(),
		];

		if ($this->fingerprint !== md5($sessionData))
		{
			$updateData['data'] = ($this->platform === 'postgre') ? base64_encode($sessionData) : $sessionData;
		}

		if (! $builder->update($updateData))
		{
			return $this->fail();
		}

		$this->fingerprint = md5($sessionData);

		return true;
	}

	//--------------------------------------------------------------------

	/**
	 * Close
	 *
	 * Releases locks and closes file descriptor.
	 *
	 * @return boolean
	 */
	public function close(): bool
	{
		return ($this->lock && ! $this->releaseLock()) ? $this->fail() : true;
	}

	//--------------------------------------------------------------------

	/**
	 * Destroy
	 *
	 * Destroys the current session.
	 *
	 * @param string $sessionID
	 *
	 * @return boolean
	 */
	public function destroy($sessionID): bool
	{
		if ($this->lock)
		{
			$builder = $this->db->table($this->table)->where('id', $sessionID);

			if ($this->matchIP)
			{
				$builder = $builder->where('ip_address', $this->ipAddress);
			}

			if (! $builder->delete())
			{
				return $this->fail();
			}
		}

		if ($this->close())
		{
			$this->destroyCookie();

			return true;
		}

		return $this->fail();
	}

	//--------------------------------------------------------------------

	/**
	 * Garbage Collector
	 *
	 * Deletes expired sessions
	 *
	 * @param integer $maxlifetime Maximum lifetime of sessions
	 *
	 * @return boolean
	 */
	public function gc($maxlifetime): bool
	{
		return ($this->db->table($this->table)->delete('timestamp < ' . (time() - $maxlifetime))) ? true : $this->fail();
	}

	//--------------------------------------------------------------------

	/**
	 * Lock the session.
	 *
	 * @param  string $sessionID
	 * @return boolean
	 */
	protected function lockSession(string $sessionID): bool
	{
		if ($this->platform === 'mysql')
		{
			$arg = md5($sessionID . ($this->matchIP ? '_' . $this->ipAddress : ''));
			if ($this->db->query("SELECT GET_LOCK('{$arg}', 300) AS ci_session_lock")->getRow()->ci_session_lock)
			{
				$this->lock = $arg;
				return true;
			}

			return $this->fail();
		}
		elseif ($this->platform === 'postgre')
		{
			$arg = "hashtext('{$sessionID}')" . ($this->matchIP ? ", hashtext('{$this->ipAddress}')" : '');
			if ($this->db->simpleQuery("SELECT pg_advisory_lock({$arg})"))
			{
				$this->lock = $arg;
				return true;
			}

			return $this->fail();
		}

		// Unsupported DB? Let the parent handle the simplified version.
		return parent::lockSession($sessionID);
	}

	//--------------------------------------------------------------------

	/**
	 * Releases the lock, if any.
	 *
	 * @return boolean
	 */
	protected function releaseLock(): bool
	{
		if (! $this->lock)
		{
			return true;
		}

		if ($this->platform === 'mysql')
		{
			if ($this->db->query("SELECT RELEASE_LOCK('{$this->lock}') AS ci_session_lock")->getRow()->ci_session_lock)
			{
				$this->lock = false;
				return true;
			}

			return $this->fail();
		}
		elseif ($this->platform === 'postgre')
		{
			if ($this->db->simpleQuery("SELECT pg_advisory_unlock({$this->lock})"))
			{
				$this->lock = false;
				return true;
			}

			return $this->fail();
		}

		// Unsupported DB? Let the parent handle the simple version.
		return parent::releaseLock();
	}

	//--------------------------------------------------------------------
}