phpDocumentor GalleryCore
Classes
[ class tree: GalleryCore ] [ index: GalleryCore ] [ all elements ]

Class: GallerySession

Source Location: /modules/core/classes/GallerySession.class

Class GallerySession

Property Summary
string   $_authToken   Authentication token to verify genuine requests.
string   $_cookieDomain   The domain for our cookie.
int   $_creationTime   The time this session was created.
boolean   $_doNotUseTempId   Whether no pseudo/temporary session id should be returned on getId() if there is no real session id yet.
int   $_expirationLimit   How many sessions to delete per expireSessions() call.
boolean   $_forceSaveSession   Whether a persistent session should be forced to be created.
boolean   $_isPersistent   Whether this is a persistent session or just a session for this single request.
boolean   $_isPersistentSessionAllowedForRequest   Whether a persistent session is allowed to be created in this request.
boolean   $_isPersistentSessionNew   Whether a persistent session has been created (not updated) in this request.
boolean   $_isSearchEngineSession   Whether this is a session for a search engine.
boolean   $_isSessionSaved   Whether the session has been saved in the persistent store during the current request handling. Used to determine whether we need to "touch" the session to prevent it from expiring in case the session data hasn't changed anyway.
boolean   $_isUsingCookies   Is it OK to rely on cookies for this session?
string   $_loadedSessionData   The serialized session data as loaded from database.
int   $_modificationTime   The time this session was last modified.
array   $_remoteIdentifier   A set of identifying values that we can use to verify that the session is coming from the same browser as it used to (to prevent session hijacking).
array   $_sessionData   The session data.
string   $_sessionId   The id of this session.
int   $_userId   The id of the session's user.

[ Top ]
Method Summary
static array   getRemoteIdentifier()   Return a value that we can use to identify the client. We can't tie it to the IP address because that changes too frequently (dialup users, users behind proxies) so we have to be creative. Changing this algorithm will cause all existing sessions to be discarded.
string   addToNavigation()   Start new navigation.
int   compareIdentifiers()   Compare two arrays and return score consisting of 1 point for each matching element.
void   doNotUseTempId()   Instruct the session to not return a pseudo temporary session id on getId() calls Makes sure that the URL generator and other componennts don't use a pseudo session id for guest users without a real session. Call this method before starting to output immediate views the progress bar.
void   exists()   Check to see if a value exists in the session.
string   &get()   Get a value from the session data.
string   getAuthToken()   Returns the authentication token associated with this session.
void   getCookieDomain()  
int   getCreationTime()   Return the Unix timestamp from when this session was created.
string   getId()   The session id.
string   getKey()   The session key parameter used in URLs and the cookie.
int   getModificationTime()   Return the Unix timestamp from when this session was last modified.
array   getNavigation()   Get data for a specific navigation id.
string   getSessionId()   Return the session id.
array   getStatus()   Get a status message.
int   getUserId()   Return the user id of the active user of this sesison.
array   hasSiteAdminSessionExpired()   Check if the site admininstration session timeout has expired
GalleryStatus   init()   Either create a new session, or attach to an existing one.
GalleryStatus   initEmpty()   Set a new/unused sessionid.
bool   isCorrectAuthToken()   Checks the given authentication token and resets the internal token on failure.
boolean   isPersistent()   Whether this session is a persistent session (= stored on the server) or just a session for this single request. Note that a non-persistent session can become persistent at the end of the request when we evaluate the conditions whether to create a persistent session or not.
bool   isSearchEngineSession()   Return true if this session is identified as one coming from a search engine.
boolean   isUsingCookies()   Is this transaction known to be using cookies?
void   jumpNavigation()   Jump back from one navigation point to one of its predecessors.
void   put()   Store a value in the session.
void   putStatus()   Store a status message.
GalleryStatus   regenerate()   Regenerate the session id to prevent a session fixation attack by a hostile website.
void   remove()   Remove a value from the session.
mixed   replaceSessionIdInData()   Replaces the session id in all string members of an object or in all elements of an array.
string   replaceTempSessionIdIfNecessary()   If we started this request without a sessionId, then we used SESSION_TEMP_ID in all generated
GalleryStatus   reset()   Clean/remove and reinitialize a session.
GalleryStatus   save()   Save any session changes to the store. Does not save sessions that don't have a sessionId yet. Triggers the expiration of existing persistent sessions in 2% of all calls.
void   setUserId()   Set the active user id for this session.
GalleryStatus   start()   Start session by ensuring we've got a valid, unique sessionId and send cookie if necessary.
GalleryStatus   _acquireNewPersistentSession()   Acquire a new persistent session and guarantee we've got a valid, unqiue sessionId.
void   _emptySessionData()   Get rid of all session data.
GalleryStatus   _expireSessions()   Get rid of any sessions that have not been accessed within our inactivity timeout or have exceeded the max lifetime.
string   _getSerializedSession()   Get the serialized session for comparing purposes.
boolen   _isHttps()   Determine if the request is using the HTTPS protocol.
boolean   _isPersistentSessionAllowedForRequest()   Whether this controller/view request generally allows creating a session.
array   _isPersistentSessionRequired()   Check whether this session should be persistent or not.
GalleryStatus   _loadSessionData()   Load the session data or generate a new session with new data. Also sets $this->_isPersistent to true if loaded from persistent store.
GalleryStatus   _setCookie()   Send back a cookie to the browser.

[ Top ]
Properties
string   $_authToken = '' [line 179]

Authentication token to verify genuine requests.

API Tags:
Access:  private


[ Top ]
string   $_cookieDomain [line 105]

The domain for our cookie.

API Tags:
Access:  private


[ Top ]
int   $_creationTime [line 56]

The time this session was created.

API Tags:
Access:  private


[ Top ]
boolean   $_doNotUseTempId [line 144]

Whether no pseudo/temporary session id should be returned on getId() if there is no real session id yet.

API Tags:
Access:  private


[ Top ]
int   $_expirationLimit = 500 [line 172]

How many sessions to delete per expireSessions() call.

API Tags:
Access:  private


[ Top ]
boolean   $_forceSaveSession [line 165]

Whether a persistent session should be forced to be created.

API Tags:
Access:  private


[ Top ]
boolean   $_isPersistent [line 151]

Whether this is a persistent session or just a session for this single request.

API Tags:
Access:  private


[ Top ]
boolean   $_isPersistentSessionAllowedForRequest [line 158]

Whether a persistent session is allowed to be created in this request.

API Tags:
Access:  private


[ Top ]
boolean   $_isPersistentSessionNew [line 136]

Whether a persistent session has been created (not updated) in this request.

API Tags:
Access:  private


[ Top ]
boolean   $_isSearchEngineSession [line 129]

Whether this is a session for a search engine.

API Tags:
Access:  private


[ Top ]
boolean   $_isSessionSaved [line 122]

Whether the session has been saved in the persistent store during the current request handling. Used to determine whether we need to "touch" the session to prevent it from expiring in case the session data hasn't changed anyway.

API Tags:
Access:  private


[ Top ]
boolean   $_isUsingCookies = false [line 77]

Is it OK to rely on cookies for this session?

API Tags:
Access:  private


[ Top ]
string   $_loadedSessionData [line 91]

The serialized session data as loaded from database.

API Tags:
Access:  private


[ Top ]
int   $_modificationTime [line 63]

The time this session was last modified.

API Tags:
Access:  private


[ Top ]
array   $_remoteIdentifier [line 113]

A set of identifying values that we can use to verify that the session is coming from the same browser as it used to (to prevent session hijacking).

API Tags:
Access:  private


[ Top ]
array   $_sessionData [line 98]

The session data.

API Tags:
Access:  private


[ Top ]
string   $_sessionId [line 70]

The id of this session.

API Tags:
Access:  private


[ Top ]
int   $_userId [line 84]

The id of the session's user.

API Tags:
Access:  private


[ Top ]
Methods
static method getRemoteIdentifier  [line 1272]

  static array getRemoteIdentifier( )

Return a value that we can use to identify the client. We can't tie it to the IP address because that changes too frequently (dialup users, users behind proxies) so we have to be creative. Changing this algorithm will cause all existing sessions to be discarded.



[ Top ]
addToNavigation  [line 1365]

  string addToNavigation( array $navigationData  )

Start new navigation.

Parameters:
array   $navigationData:  data for this new navigation: array('returnName' => ... 'returnUrl' => ... ['returnNavId' => ...])

API Tags:
Return:  the navigation id
Deprecated:  

Information Tags:
Todo:  will be removed in the next API branch

[ Top ]
compareIdentifiers  [line 1312]

  int compareIdentifiers( $a, $b  )

Compare two arrays and return score consisting of 1 point for each matching element.

Example input: $a = array(0, 'x', 2); $b = array(0, 'y', 2); Example output: 2 (Indexes 0 and 2 match, index 1 does not)

Parameters:
   $a: 
   $b: 

API Tags:
Return:  a score


[ Top ]
doNotUseTempId  [line 1174]

  void doNotUseTempId( )

Instruct the session to not return a pseudo temporary session id on getId() calls Makes sure that the URL generator and other componennts don't use a pseudo session id for guest users without a real session. Call this method before starting to output immediate views the progress bar.



[ Top ]
exists  [line 1261]

  void exists( string $key  )

Check to see if a value exists in the session.

Parameters:
string   $key: 


[ Top ]
get  [line 1231]

  string &get( string $key  )

Get a value from the session data.

Parameters:
string   $key: 

API Tags:
Return:  the value or null if it doesn't exist


[ Top ]
getAuthToken  [line 1428]

  string getAuthToken( )

Returns the authentication token associated with this session.


API Tags:
Return:  the authentication token


[ Top ]
getCookieDomain  [line 1203]

  void getCookieDomain( )



[ Top ]
getCreationTime  [line 1394]

  int getCreationTime( )

Return the Unix timestamp from when this session was created.


API Tags:
Return:  the creation time


[ Top ]
getId  [line 1160]

  string getId( )

The session id.


API Tags:
Return:  an id (like "A124DFE7A90")


[ Top ]
getKey  [line 1152]

  string getKey( )

The session key parameter used in URLs and the cookie.



[ Top ]
getModificationTime  [line 1402]

  int getModificationTime( )

Return the Unix timestamp from when this session was last modified.


API Tags:
Return:  the modification time


[ Top ]
getNavigation  [line 1376]

  array getNavigation( string $navId  )

Get data for a specific navigation id.

Parameters:
string   $navId:  the navigation id

API Tags:
Return:  the navigation data
Deprecated:  

Information Tags:
Todo:  will be removed in the next API branch

[ Top ]
getSessionId  [line 1351]

  string getSessionId( )

Return the session id.


API Tags:
Return:  the session id
Deprecated:  

Information Tags:
Todo:  will be removed in the next API branch

[ Top ]
getStatus  [line 1337]

  array getStatus( [boolean $remove = true]  )

Get a status message.

Parameters:
boolean   $remove:  (optional)

API Tags:
Return:  the status message


Redefined in descendants as:

[ Top ]
getUserId  [line 1182]

  int getUserId( )

Return the user id of the active user of this sesison.


API Tags:
Return:  the user id


[ Top ]
hasSiteAdminSessionExpired  [line 1461]

  array hasSiteAdminSessionExpired( )

Check if the site admininstration session timeout has expired


API Tags:
Return:  GalleryStatus a status code boolean true if the timeout has expired.
Access:  public


[ Top ]
init  [line 185]

  GalleryStatus init( )

Either create a new session, or attach to an existing one.


API Tags:
Return:  a status code


[ Top ]
initEmpty  [line 430]

  GalleryStatus initEmpty( [boolean $emptyRemoteId = false], [int $userId = null]  )

Set a new/unused sessionid.

Parameters:
boolean   $emptyRemoteId:  (optional) if true don't initialize remoteIdentifier
int   $userId:  (optional) user for session, defaults to anonymous

API Tags:
Return:  a status code


[ Top ]
isCorrectAuthToken  [line 1444]

  bool isCorrectAuthToken( string $authToken  )

Checks the given authentication token and resets the internal token on failure.

Parameters:
string   $authToken:  Authentication token to be verified

API Tags:
Return:  true if the given


[ Top ]
isPersistent  [line 1412]

  boolean isPersistent( )

Whether this session is a persistent session (= stored on the server) or just a session for this single request. Note that a non-persistent session can become persistent at the end of the request when we evaluate the conditions whether to create a persistent session or not.


API Tags:
Return:  true if the session is persistent, else false


[ Top ]
isSearchEngineSession  [line 1420]

  bool isSearchEngineSession( )

Return true if this session is identified as one coming from a search engine.


API Tags:
Return:  true if this is a search engine session


[ Top ]
isUsingCookies  [line 1222]

  boolean isUsingCookies( )

Is this transaction known to be using cookies?



[ Top ]
jumpNavigation  [line 1387]

  void jumpNavigation( string $fromNavId, [string $destNavId = '']  )

Jump back from one navigation point to one of its predecessors.

Parameters:
string   $fromNavId:  the source navigation id
string   $destNavId:  the destination navigation id. If empty, go back to root.

API Tags:
Deprecated:  

Information Tags:
Todo:  will be removed in the next API branch

[ Top ]
put  [line 1245]

  void put( string $key, string $value  )

Store a value in the session.

Parameters:
string   $key: 
string   $value: 


[ Top ]
putStatus  [line 1328]

  void putStatus( array $statusData  )

Store a status message.

Parameters:
array   $statusData: 


Redefined in descendants as:

[ Top ]
regenerate  [line 502]

  GalleryStatus regenerate( )

Regenerate the session id to prevent a session fixation attack by a hostile website.


API Tags:
Return:  a status code


[ Top ]
remove  [line 1253]

  void remove( string $key  )

Remove a value from the session.

Parameters:
string   $key: 


[ Top ]
replaceSessionIdInData  [line 1032]

  mixed replaceSessionIdInData( mixed $subject, [string $search = null], [string $replace = null]  )

Replaces the session id in all string members of an object or in all elements of an array.

Applies replaceTempSessionIdIfNecessary to all strings if $search and $replace are omitted. Else it applies str_replace($search, $replace, $subject) on all strings.

Examples: $themeData = $session->replaceSessionIdInData($themeData, $sessionId, SESSION_TEMP_ID);

$themeData = $session->replaceSessionIdInData($themeData);

Parameters:
mixed   $subject:  array, object or string that should be modified
string   $search:  (optional) string to be replaced
string   $replace:  (optional) replacement string

API Tags:
Return:  converted subject


[ Top ]
replaceTempSessionIdIfNecessary  [line 976]

  string replaceTempSessionIdIfNecessary( string $html  )

If we started this request without a sessionId, then we used SESSION_TEMP_ID in all generated

URLs etc as a placeholder. If we still have no sessionId, remove g2_GALLERYSID=SESSION_TEMP_SID from all generated URLs and remove SESSION_TEMP_ID from the HTML. If a session was created (saved in the persistent store) during the request, replace the SESSION_TEMP_ID with the new/real session id.

Parameters:
string   $html:  HTML

API Tags:
Return:  same HTML with replaced or removed sessionId


[ Top ]
reset  [line 464]

  GalleryStatus reset( )

Clean/remove and reinitialize a session.


API Tags:
Return:  a status code


[ Top ]
save  [line 360]

  GalleryStatus save( [boolean $useNonTransactionalConnection = false]  )

Save any session changes to the store. Does not save sessions that don't have a sessionId yet. Triggers the expiration of existing persistent sessions in 2% of all calls.

Parameters:
boolean   $useNonTransactionalConnection:  (optional) set to true if we should save this session outside of any existing transaction.

API Tags:
Return:  a status code


Redefined in descendants as:

[ Top ]
setUserId  [line 1190]

  void setUserId( int $userId  )

Set the active user id for this session.

Parameters:
int   $userId: 


[ Top ]
start  [line 306]

  GalleryStatus start( )

Start session by ensuring we've got a valid, unique sessionId and send cookie if necessary.


API Tags:
Return:  a status code


[ Top ]
_acquireNewPersistentSession  [line 682]

  GalleryStatus _acquireNewPersistentSession( )

Acquire a new persistent session and guarantee we've got a valid, unqiue sessionId.


API Tags:
Return:  a status code


[ Top ]
_emptySessionData  [line 951]

  void _emptySessionData( )

Get rid of all session data.


API Tags:
Access:  private


[ Top ]
_expireSessions  [line 1061]

  GalleryStatus _expireSessions( )

Get rid of any sessions that have not been accessed within our inactivity timeout or have exceeded the max lifetime.


API Tags:
Return:  a status code
Access:  private


Redefined in descendants as:

[ Top ]
_getSerializedSession  [line 1283]

  string _getSerializedSession( )

Get the serialized session for comparing purposes.


API Tags:
Return:  serialized session
Access:  private


[ Top ]
_isHttps  [line 1294]

  boolen _isHttps( )

Determine if the request is using the HTTPS protocol.


API Tags:
Return:  true if the request is using HTTPS
Access:  private


[ Top ]
_isPersistentSessionAllowedForRequest  [line 822]

  boolean _isPersistentSessionAllowedForRequest( )

Whether this controller/view request generally allows creating a session.

Don't save session in core.DownloadItem, migrate.Redirect, ... requests Reason: In these requests we don't need to save the session or create a new one because a) the session is not modified (DownloadItem, CSS) b) we return an image / css and not a HTML page (DownloadItem, CSS) c) there will be either a DownloadItem / ShowItem request anyway (migrate.Redirect) d) in migrate.Redirect requests, the cookie path we would set would most certainly be wrong, because the internal mod_rewrite redirect doesn't change all PHP SERVER variables

And if we stored the session, it would result in *a lot* unneeded sessions, eg. for migrate redirects or hotlinked images.


API Tags:
Return:  true if a persistent session can be created in this request
Access:  private


[ Top ]
_isPersistentSessionRequired  [line 743]

  array _isPersistentSessionRequired( )

Check whether this session should be persistent or not.

For guest users, we don't create sessions, unless their session has non-default data. Also, the session based permission cache and the navigation isn't regarded important enough to create a session.


API Tags:
Return:  GalleryStatus a status code, boolean session is necessary
Access:  private


[ Top ]
_loadSessionData  [line 853]

  GalleryStatus _loadSessionData( )

Load the session data or generate a new session with new data. Also sets $this->_isPersistent to true if loaded from persistent store.


API Tags:
Return:  a status code
Access:  private


[ Top ]
_setCookie  [line 545]

  GalleryStatus _setCookie( [boolean $delete = false]  )

Send back a cookie to the browser.

Parameters:
boolean   $delete:  (optional) whether to delete the cookie

API Tags:
Return:  a status code
Access:  private


[ Top ]

Documentation generated on Fri, 08 Oct 2010 05:03:53 -0700 by phpDocumentor 1.3.0RC6