CoreLibs/development
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update session class with checks, etc

Browse Source 
Add a write close session call to end a session for AJAX calls
Add error strings to session start method
Add check call for session names that they are valid
This commit is contained in:
Clemens Schwaighofer
2022-05-13 14:14:08 +09:00
parent 2b689b666a
commit 27087a0e0e
3 changed files with 86 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
www/admin/class_test.session.php
View File

@@ -17,6 +17,7 @@ if ($DEBUG_ALL) {
* @param int $status * @param int $status
* @return string * @return string
*/ */
/** @phan-suppress-next-line PhanRedefineFunction */
function getSessionStatusString(int $status): string function getSessionStatusString(int $status): string
{ {
switch ($status) { switch ($status) {
@@ -82,7 +83,7 @@ echo "Global session name: " . ($GLOBALS['SET_SESSION_NAME'] ?? '-') . "<br>";
print "[UNSET] Current session id: " . Session::getSessionId() . "<br>"; print "[UNSET] Current session id: " . Session::getSessionId() . "<br>";
print "[UNSET] Current session name: " . Session::getSessionName() . "<br>"; print "[UNSET] Current session name: " . Session::getSessionName() . "<br>";
print "[UNSET] Current session active: " . Session::checkActiveSession() . "<br>"; print "[UNSET] Current session active: " . (Session::checkActiveSession() ? 'Yes' : 'No') . "<br>";
print "[UNSET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>"; print "[UNSET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>";
if (isset($_SESSION)) { if (isset($_SESSION)) {
print "[UNSET] _SESSION is: set<br>"; print "[UNSET] _SESSION is: set<br>";
@@ -92,22 +93,20 @@ if (isset($_SESSION)) {
# #
print "[UNSET] To set session name valid: " print "[UNSET] To set session name valid: "
. (Session::checkValidSessionName($session_name) ? 'Valid' : 'Invalid') . "<br>"; . (Session::checkValidSessionName($session_name) ? 'Valid' : 'Invalid') . "<br>";
$session = Session::startSession($session_name); if (false === ($session = Session::startSession($session_name))) {
if ($session === false) {
print "[FAILED] Session start failed: " . Session::getErrorStr() . "<br>"; print "[FAILED] Session start failed: " . Session::getErrorStr() . "<br>";
} else { } else {
print "[SET] Current session id: " . $session . "<br>"; print "[SET] Current session id: " . $session . "<br>";
} }
// set again // set again
$session = Session::startSession($session_name); if (false === ($session = Session::startSession($session_name))) {
if ($session === false) {
print "[2 FAILED] Session start failed: " . Session::getErrorStr() . "<br>"; print "[2 FAILED] Session start failed: " . Session::getErrorStr() . "<br>";
} else { } else {
print "[2 SET] Current session id: " . $session . "<br>"; print "[2 SET] Current session id: " . $session . "<br>";
} }
print "[SET] Current session id: " . Session::getSessionId() . "<br>"; print "[SET] Current session id: " . Session::getSessionId() . "<br>";
print "[SET] Current session name: " . Session::getSessionName() . "<br>"; print "[SET] Current session name: " . Session::getSessionName() . "<br>";
print "[SET] Current session active: " . Session::checkActiveSession() . "<br>"; print "[SET] Current session active: " . (Session::checkActiveSession() ? 'Yes' : 'No') . "<br>";
print "[SET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>"; print "[SET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>";
if (isset($_SESSION)) { if (isset($_SESSION)) {
print "[SET] _SESSION is: set<br>"; print "[SET] _SESSION is: set<br>";
@@ -126,8 +125,7 @@ print "[READ] Confirm " . $var . " is " . $value . ": "
// differnt session name // differnt session name
$session_name = 'class-test-session-ALT'; $session_name = 'class-test-session-ALT';
$session = Session::startSession($session_name); if (false === ($session = Session::startSession($session_name))) {
if ($session === false) {
print "[3 FAILED] Session start failed: " . Session::getErrorStr() . "<br>"; print "[3 FAILED] Session start failed: " . Session::getErrorStr() . "<br>";
} else { } else {
print "[3 SET] Current session id: " . $session . "<br>"; print "[3 SET] Current session id: " . $session . "<br>";
@@ -143,8 +141,7 @@ $_SESSION['will_never_be_written'] = 'empty';
// open again // open again
$session_name = 'class-test-session'; $session_name = 'class-test-session';
$session = Session::startSession($session_name); if (false === ($session = Session::startSession($session_name))) {
if ($session === false) {
print "[4 FAILED] Session start failed: " . Session::getErrorStr() . "<br>"; print "[4 FAILED] Session start failed: " . Session::getErrorStr() . "<br>";
} else { } else {
print "[4 SET] Current session id: " . $session . "<br>"; print "[4 SET] Current session id: " . $session . "<br>";
@@ -152,6 +149,20 @@ if ($session === false) {
print "[START AGAIN] Current session id: " . Session::getSessionId() . "<br>"; print "[START AGAIN] Current session id: " . Session::getSessionId() . "<br>";
$_SESSION['will_be_written_again'] = 'Full'; $_SESSION['will_be_written_again'] = 'Full';
// close session
Session::writeClose();
// invalid
$session_name = '123';
if (false === ($session = Session::startSession($session_name))) {
print "[5 FAILED] Session start failed: " . Session::getErrorStr() . "<br>";
} else {
print "[5 SET] Current session id: " . $session . "<br>";
}
print "[BAD NAME] Current session id: " . Session::getSessionId() . "<br>";
print "[BAD NAME] Current session name: " . Session::getSessionName() . "<br>";
print "[BAD NAME] Current session active: " . (Session::checkActiveSession() ? 'Yes' : 'No') . "<br>";
print "[BAD NAME] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>";
// error message // error message
print $log->printErrorMsg(); print $log->printErrorMsg();

11
www/admin/class_test.session.read.php
View File

@@ -17,6 +17,7 @@ if ($DEBUG_ALL) {
* @param int $status * @param int $status
* @return string * @return string
*/ */
/** @phan-suppress-next-line PhanRedefineFunction */
function getSessionStatusString(int $status): string function getSessionStatusString(int $status): string
{ {
switch ($status) { switch ($status) {
@@ -78,27 +79,25 @@ echo "Global session name: " . ($GLOBALS['SET_SESSION_NAME'] ?? '-') . "<br>";
print "[UNSET] Current session id: " . Session::getSessionId() . "<br>"; print "[UNSET] Current session id: " . Session::getSessionId() . "<br>";
print "[UNSET] Current session name: " . Session::getSessionName() . "<br>"; print "[UNSET] Current session name: " . Session::getSessionName() . "<br>";
print "[UNSET] Current session active: " . Session::checkActiveSession() . "<br>"; print "[UNSET] Current session active: " . (Session::checkActiveSession() ? 'Yes' : 'No') . "<br>";
print "[UNSET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>"; print "[UNSET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>";
print "[READ] " . $var . ": " . ($_SESSION[$var] ?? '{UNSET}') . "<br>"; print "[READ] " . $var . ": " . ($_SESSION[$var] ?? '{UNSET}') . "<br>";
// start // start
$session = Session::startSession($session_name); if (false === ($session = Session::startSession($session_name))) {
if ($session === false) {
print "Session start failed: " . Session::getErrorStr() . "<br>"; print "Session start failed: " . Session::getErrorStr() . "<br>";
} else { } else {
print "Current session id: " . $session . "<br>"; print "Current session id: " . $session . "<br>";
} }
// set again // set again
$session = Session::startSession($session_name); if (false === ($session = Session::startSession($session_name))) {
if ($session === false) {
print "[2] Session start failed<br>"; print "[2] Session start failed<br>";
} else { } else {
print "[2] Current session id: " . $session . "<br>"; print "[2] Current session id: " . $session . "<br>";
} }
print "[SET] Current session id: " . Session::getSessionId() . "<br>"; print "[SET] Current session id: " . Session::getSessionId() . "<br>";
print "[SET] Current session name: " . Session::getSessionName() . "<br>"; print "[SET] Current session name: " . Session::getSessionName() . "<br>";
print "[SET] Current session active: " . Session::checkActiveSession() . "<br>"; print "[SET] Current session active: " . (Session::checkActiveSession() ? 'Yes' : 'No') . "<br>";
print "[SET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>"; print "[SET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>";
print "[READ] " . $var . ": " . ($_SESSION[$var] ?? '{UNSET}') . "<br>"; print "[READ] " . $var . ": " . ($_SESSION[$var] ?? '{UNSET}') . "<br>";
print "[READ] Confirm " . $var . " is " . $value . ": " print "[READ] Confirm " . $var . " is " . $value . ": "

61
www/lib/CoreLibs/Create/Session.php
View File

@@ -18,6 +18,9 @@ namespace CoreLibs\Create;
class Session class Session
{ {
/** @var string list for errors*/
private static $error_str = '';
/** /**
* init a session * init a session
*/ */
@@ -25,6 +28,41 @@ class Session
{ {
} }
/**
* Return set error string, empty if none set
*
* @return string Last error string
*/
public static function getErrorStr(): string
{
return self::$error_str;
}
/**
* check if session name is valid
*
* As from PHP 8.1/8.0/7.4 error
* INVALID CHARS: =,; \t\r\n\013\014
* NOTE: using . will fail even thought valid
* we allow only alphanumeric with - (dash) and 1 to 128 characters
*
* @param string $session_name any string, not null
* @return bool True for valid, False for invalid
*/
public static function checkValidSessionName(string $session_name): bool
{
// check
if (
// must only have those
!preg_match('/^[-a-zA-Z0-9]{1,128}$/', $session_name) ||
// cannot be only numbers
preg_match('/^[0-9]+$/', $session_name)
) {
return false;
}
return true;
}
/** /**
* Undocumented function * Undocumented function
* *
@@ -35,10 +73,12 @@ class Session
{ {
// we can't start sessions on command line // we can't start sessions on command line
if (php_sapi_name() === 'cli') { if (php_sapi_name() === 'cli') {
self::$error_str = '[SESSION] No sessions in php cli';
return false; return false;
} }
// if session are OFF // if session are OFF
if (self::getSessionStatus() === PHP_SESSION_DISABLED) { if (self::getSessionStatus() === PHP_SESSION_DISABLED) {
self::$error_str = '[SESSION] Sessions are disabled';
return false; return false;
} }
// session_status // session_status
@@ -59,6 +99,11 @@ class Session
} }
// if set, set special session name // if set, set special session name
if (!empty($session_name)) { if (!empty($session_name)) {
// invalid session name, abort
if (!self::checkValidSessionName($session_name)) {
self::$error_str = '[SESSION] Invalid session name: ' . $session_name;
return false;
}
session_name($session_name); session_name($session_name);
} }
// start session // start session
@@ -66,6 +111,7 @@ class Session
} }
// if we still have no active session // if we still have no active session
if (!self::checkActiveSession()) { if (!self::checkActiveSession()) {
self::$error_str = '[SESSION] Failed to activate session';
return false; return false;
} }
return self::getSessionId(); return self::getSessionId();
@@ -95,7 +141,7 @@ class Session
* Checks if there is an active session. * Checks if there is an active session.
* Does not check if we can have a session * Does not check if we can have a session
* *
* @return boolean True if there is an active session, else false * @return bool True if there is an active session, else false
*/ */
public static function checkActiveSession(): bool public static function checkActiveSession(): bool
{ {
@@ -106,6 +152,19 @@ class Session
} }
} }
/**
* unlock the session file, so concurrent AJAX requests can be done
* NOTE: after this has been called, no changes in _SESSION will be stored
* NOTE: a new session with a different name can be started after this one is called
* if problem, run ob_flush() and flush() too
*
* @return bool True und sucess, false on failure
*/
public static function writeClose(): bool
{
return session_write_close();
}
/** /**
* get session status * get session status
* PHP_SESSION_DISABLED if sessions are disabled. * PHP_SESSION_DISABLED if sessions are disabled.