Commit d79d5ac2 authored by Petr Škoda's avatar Petr Škoda

MDL-31501 rework user session architecture

List of changes:
 * New OOP API using PHP namespace \core\session\.
 * All handlers now update the sessions table consistently.
 * Experimental DB session support in Oracle.
 * Full support for session file handler (filesystem locking required).
 * New option for alternative session directory.
 * Official memcached session handler support.
 * Workaround for memcached version with non-functional gc.
 * Improved security - forced session id regeneration.
 * Improved compatibility with recent PHP releases.
 * Fixed borked CSS during install in debug mode.
 * Switched to file based sessions in new installs.
 * DB session setting disappears if DB does not support sessions.
 * DB session setting disappears if session handler specified in config.php.
 * Fast purging of sessions used in request only.
 * No legacy distinction -  file, database and memcached support the same functionality.
 * Session handler name included in performance info.
 * Fixed user_loggedin and use...
parent 81881cb9
......@@ -51,7 +51,7 @@ switch ($action) {
if ($auth == $CFG->registerauth) {
set_config('registerauth', '');
}
session_gc(); // remove stale sessions
\core\session\manager::gc(); // Remove stale sessions.
break;
case 'enable':
......@@ -61,7 +61,7 @@ switch ($action) {
$authsenabled = array_unique($authsenabled);
set_config('auth', implode(',', $authsenabled));
}
session_gc(); // remove stale sessions
\core\session\manager::gc(); // Remove stale sessions.
break;
case 'down':
......
......@@ -172,7 +172,7 @@ set_config('branch', $branch);
upgrade_noncore(true);
// log in as admin - we need doanything permission when applying defaults
session_set_user(get_admin());
\core\session\manager::set_user(get_admin());
// apply all default settings, just in case do it twice to fill all defaults
admin_apply_default_settings(NULL, false);
......
......@@ -53,7 +53,7 @@ require_once($CFG->libdir.'/clilib.php');
require_once($CFG->libdir.'/cronlib.php');
// extra safety
session_get_instance()->write_close();
\core\session\manager::write_close();
// check if execution allowed
if (!empty($CFG->cronclionly)) {
......
......@@ -163,7 +163,7 @@ if (!core_tables_exist()) {
$strinstallation = get_string('installation', 'install');
// remove current session content completely
session_get_instance()->terminate_current();
\core\session\manager::terminate_current();
if (empty($agreelicense)) {
$strlicense = get_string('license');
......
......@@ -35,7 +35,9 @@ $ADMIN->add('server', $temp);
// "sessionhandling" settingpage
$temp = new admin_settingpage('sessionhandling', new lang_string('sessionhandling', 'admin'));
$temp->add(new admin_setting_configcheckbox('dbsessions', new lang_string('dbsessions', 'admin'), new lang_string('configdbsessions', 'admin'), 1));
if (empty($CFG->session_handler_class) and $DB->session_lock_supported()) {
$temp->add(new admin_setting_configcheckbox('dbsessions', new lang_string('dbsessions', 'admin'), new lang_string('configdbsessions', 'admin'), 0));
}
$temp->add(new admin_setting_configselect('sessiontimeout', new lang_string('sessiontimeout', 'admin'), new lang_string('configsessiontimeout', 'admin'), 7200, array(14400 => new lang_string('numhours', '', 4),
10800 => new lang_string('numhours', '', 3),
7200 => new lang_string('numhours', '', 2),
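Review bot: The new `if (empty($CFG->session_handler_class) and $DB->session_lock_supported())` guard only hides the `dbsessions` checkbox; a `dbsessions` value saved earlier (the old default was 1) stays in the stored configuration, and nothing in this hunk shows whether the session manager re-checks lock support before honouring it. If it does not, an upgraded site on a database without session locking could keep using DB sessions with no visible control to turn them off. I would confirm that check exists where the handler is chosen and add a comment above the guard, e.g. `// Hidden when the handler is forced in config.php or the DB driver cannot lock sessions.` The options array of the following `sessiontimeout` setting continues past the end of the hunk.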
......
......@@ -47,7 +47,7 @@ if (!$confirm) {
}
raise_memory_limit(MEMORY_EXTRA);
// Release session.
session_get_instance()->write_close();
\core\session\manager::write_close();
echo $renderer->header();
echo $renderer->heading(get_string('batchupgrade', 'tool_assignmentupgrade'));
......
......@@ -52,7 +52,7 @@ require_once($CFG->libdir.'/dtllib.php');
function tool_dbtransfer_export_xml_database($description, $mdb) {
@set_time_limit(0);
session_get_instance()->write_close(); // Release session.
\core\session\manager::write_close(); // Release session.
header('Content-Type: application/xhtml+xml; charset=utf-8');
header('Content-Disposition: attachment; filename=database.xml');
......@@ -79,7 +79,7 @@ function tool_dbtransfer_export_xml_database($description, $mdb) {
function tool_dbtransfer_transfer_database(moodle_database $sourcedb, moodle_database $targetdb, progress_trace $feedback = null) {
@set_time_limit(0);
session_get_instance()->write_close(); // Release session.
\core\session\manager::write_close(); // Release session.
$var = new database_mover($sourcedb, $targetdb, true, $feedback);
$var->export_database(null);
......
......@@ -90,7 +90,7 @@ if ($error = tool_generator_course_backend::check_shortname_available($shortname
}
// Switch to admin user account.
session_set_user(get_admin());
\core\session\manager::set_user(get_admin());
// Do backend code to generate course.
$backend = new tool_generator_course_backend($shortname, $size, $fixeddataset, empty($options['quiet']));
......
......@@ -88,7 +88,7 @@ try {
}
// Switch to admin user account.
session_set_user(get_admin());
\core\session\manager::set_user(get_admin());
// Do backend code to generate site.
$backend = new tool_generator_site_backend($size, $options['bypasscheck'], $fixeddataset, empty($options['quiet']));
......
......@@ -687,7 +687,7 @@ if ($formdata = $mform2->is_cancelled()) {
}
if ($dologout) {
session_kill_user($existinguser->id);
\core\session\manager::kill_user_sessions($existinguser->id);
}
} else {
......
......@@ -82,10 +82,10 @@
die;
} else if (data_submitted() and !$user->deleted) {
if (delete_user($user)) {
session_gc(); // remove stale sessions
\core\session\manager::gc(); // Remove stale sessions.
redirect($returnurl);
} else {
session_gc(); // remove stale sessions
\core\session\manager::gc(); // Remove stale sessions.
echo $OUTPUT->header();
echo $OUTPUT->notification($returnurl, get_string('deletednot', '', fullname($user, true)));
}
......@@ -125,7 +125,7 @@
if (!is_siteadmin($user) and $USER->id != $user->id and $user->suspended != 1) {
$user->suspended = 1;
// Force logout.
session_kill_user($user->id);
\core\session\manager::kill_user_sessions($user->id);
user_update_user($user, false);
}
}
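Review bot: In the suspend branch the sessions are destroyed before the suspension is saved: `\core\session\manager::kill_user_sessions($user->id);` runs ahead of `user_update_user($user, false);`, so a login or request that lands between the two calls can presumably open a fresh session that survives the forced logout. Persisting first closes that window: `user_update_user($user, false);` followed by `\core\session\manager::kill_user_sessions($user->id);`, which is also the order the LDAP sync hunk on this page uses. The order predates this commit, but the rename touches exactly this line. The enclosing block starts outside the hunk.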
......
......@@ -34,7 +34,7 @@ if ($confirm and confirm_sesskey()) {
}
}
$rs->close();
session_gc(); // remove stale sessions
\core\session\manager::gc(); // Remove stale sessions.
echo $OUTPUT->box_start('generalbox', 'notice');
if (!empty($notifications)) {
echo $notifications;
......
......@@ -808,7 +808,7 @@ class auth_plugin_ldap extends auth_plugin_base {
$updateuser->suspended = 1;
user_update_user($updateuser, false);
echo "\t"; print_string('auth_dbsuspenduser', 'auth_db', array('name'=>$user->username, 'id'=>$user->id)); echo "\n";
session_kill_user($user->id);
\core\session\manager::kill_user_sessions($user->id);
}
} else {
print_string('nouserentriestoremove', 'auth_ldap');
......
......@@ -141,7 +141,7 @@ class auth_plugin_mnet extends auth_plugin_base {
global $CFG, $USER, $DB;
require_once $CFG->dirroot . '/mnet/xmlrpc/client.php';
if (session_is_loggedinas()) {
if (\core\session\manager::is_loggedinas()) {
print_error('notpermittedtojumpas', 'mnet');
}
......@@ -919,7 +919,7 @@ class auth_plugin_mnet extends auth_plugin_base {
$returnString .= "We failed to refresh the session for the following usernames: \n".implode("\n", $subArray)."\n\n";
} else {
foreach($results as $emigrant) {
session_touch($emigrant->session_id);
\core\session\manager::touch_session($emigrant->session_id);
}
}
}
......@@ -1076,7 +1076,7 @@ class auth_plugin_mnet extends auth_plugin_base {
array('useragent'=>$useragent, 'userid'=>$userid));
if (isset($remoteclient) && isset($remoteclient->id)) {
session_kill_user($userid);
\core\session\manager::kill_user_sessions($userid);
}
return $returnstring;
}
......@@ -1096,7 +1096,7 @@ class auth_plugin_mnet extends auth_plugin_base {
$session = $DB->get_record('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id, 'useragent'=>$useragent));
$DB->delete_records('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id, 'useragent'=>$useragent));
if (false != $session) {
session_kill($session->session_id);
\core\session\manager::kill_session($session->session_id);
return true;
}
return false;
......@@ -1113,7 +1113,7 @@ class auth_plugin_mnet extends auth_plugin_base {
global $CFG;
if (is_array($sessionArray)) {
while($session = array_pop($sessionArray)) {
session_kill($session->session_id);
\core\session\manager::kill_session($session->session_id);
}
return true;
}
......
......@@ -48,7 +48,7 @@
&& $user = authenticate_user_login($frm->username, $frm->password)) {
enrol_check_plugins($user);
session_set_user($user);
\core\session\manager::set_user($user);
$USER->loggedin = true;
$USER->site = $CFG->wwwroot; // for added security, store the site in the
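Review bot: This login path calls `\core\session\manager::set_user($user);` directly after `authenticate_user_login()`, and nothing visible here regenerates the session id, although the commit message lists forced session id regeneration as a security improvement. If `set_user()` only swaps the user record, a session id that was known before authentication stays valid afterwards (session fixation). Please confirm that regeneration happens inside `set_user()`, or route this path through `complete_user_login($user)` if that is where the regeneration lives. The `if` condition starts above the hunk and the block continues below it.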
......
......@@ -34,7 +34,7 @@ $PAGE->set_url('/badges/ajax.php');
$PAGE->set_context(context_system::instance());
// Unlock session during potentially long curl request.
session_get_instance()->write_close();
\core\session\manager::write_close();
$result = badges_check_backpack_accessibility();
......
......@@ -81,7 +81,7 @@ function block_html_pluginfile($course, $birecord_or_cm, $context, $filearea, $a
$forcedownload = true;
}
session_get_instance()->write_close();
\core\session\manager::write_close();
send_stored_file($file, 60*60, 0, $forcedownload, $options);
}
......
......@@ -25,7 +25,7 @@ class block_mnet_hosts extends block_list {
return false;
}
if (session_is_loggedinas()) {
if (\core\session\manager::is_loggedinas()) {
$this->content = new stdClass();
$this->content->footer = html_writer::tag('span',
get_string('notpermittedtojumpas', 'mnet'));
......
......@@ -277,6 +277,6 @@ class core_calendar_type_testcase extends advanced_testcase {
*/
private function set_calendar_type($type) {
$this->user->calendartype = $type;
session_set_user($this->user);
\core\session\manager::set_user($this->user);
}
}
......@@ -224,10 +224,22 @@ $CFG->admin = 'admin';
// RewriteRule (^.*/theme/yui_combo\.php)(/.*) $1?file=$2
//
//
// By default all user sessions should be using locking, uncomment
// the following setting to prevent locking for guests and not-logged-in
// accounts. This may improve performance significantly.
// $CFG->sessionlockloggedinonly = 1;
// Following settings may be used to select session driver, uncomment only one of the handlers.
// Database session handler (not compatible with MyISAM):
// $CFG->session_handler_class = '\core\session\database';
// $CFG->session_database_acquire_lock_timeout = 120;
//
// File session handler (file system locking required):
// $CFG->session_handler_class = '\core\session\file';
// $CFG->session_file_save_path = $CFG->dataroot.'/sessions';
//
// Memcached session handler (requires memcached server and extension):
// $CFG->session_handler_class = '\core\session\memcached';
// $CFG->session_memcached_save_path = '127.0.0.1:11211';
// $CFG->session_memcached_prefix = 'memc.sess.key.';
//
// Following setting allows you to alter how frequently is timemodified updated in sessions table.
// $CFG->session_update_timemodified_frequency = 20; // In seconds.
//
// If this setting is set to true, then Moodle will track the IP of the
// current user to make sure it hasn't changed during a session. This
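Review bot: The memcached sample (`$CFG->session_memcached_save_path = '127.0.0.1:11211';`) should carry a warning, because memcached has no authentication by default and any client that can reach that port can read or overwrite session records. I would add `// The memcached server must be reachable from the web servers only and should not be shared with other applications.` above the handler line. The file handler sample deserves a similar line saying the directory in `$CFG->session_file_save_path` must not be web accessible and must be writable only by the web server user. The comment block continues past the end of the hunk.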
......