Session:
regenerate session id after some time or random.
Default is 'never', can be 'interval' form 0 to 1h and random from always to 1 in 100
Session also checks that strict session settings are enabled
Login class:
Automatic re-read of acl settings after some time (default 5min, can be chnaged via option).
Default set strict headers, can be turned off via option
Moved various parts into their own methods and cleaned up double call logic.
Login is now recorded in the last login entry
no more debug flags are read from the database anymore
All options are set via array and not with a single option (was auto login)
create new session on class call, there is no need to delay that at all
new option to auto write close a session
session_id and session_name are stored as class vars
deprecate the __set/__get part because we do not want to set via ->session_var_name
but use the set()/get() methods.
They have been renamed from setS/getS... to set/get alone
DB Class throws Exception if on init it fails to connect to the DB,
will not throw Exception if failed connection during execution but
will do the normal retry and soft failure run
DB\ArrayIO will throw Exception on missing table array and table name
All Exceptions have a code set
All variable declarations in all classes have a strict type set
Exception: constants (will be setable from PHP 8.3 on), resources (no type)
Debug\LoggingLegacy is kept as is, will be deprecated
DB\IO Tester now has correct testing for pgVersion string compare. Uses
mocked pgVersion return for this
Session class update with full magic set/get or method set/get for
_SESSION var. Also added full testing for this
All static Session:: calls (except for checking valid session name) are
converted to object type. This Object is passed on to Login, Admin
Backend and any other class that needs basic session checking
Update edit_access_data table and set unique check for edit_access_id +
name so we do not have two identical keys for one edit access set
Update config host and add more test domains for various access tests
Update Session and move cli check to Get\System class. Some other minor
session info updates
New method \Get\System::checkCLI() returns true if the sapi name has
cli inside, else false
Add a write close session call to end a session for AJAX calls
Add error strings to session start method
Add check call for session names that they are valid
Move all session_id and check calls function calls that we have to Session class
In Login class use new false return for session set check
Be sure all session set variables are unset, do extra unset call and
destroy call on close session
Login class does not set GLOBALS anymore (DEBUG_ALL, DB_DEBUG)
Update Logging to check for DEBUG_ALL from SESSION and set DEBUG_ALL on
and PRINT_ALL on.
All logging setting vars are primary via options and only if not set
there fallback to SESSION/GLOBALS and then defaults
DB:IO code for debug flag check has been updated for primary check in
config, then session/globals
Debug update for logging tester for first step to remove Basic class
call.
NOTE: after basic php unit tests are written the clean up for no longer
using Basic class has to start.
Switch to logging class for logging only needs
If not created Logger class will be auto created in \DB\IO
Recommended to run a CoreLibs\Debug\Logging([...]); and use this class
for all ACL\Login, Admin\Backend, DB\IO, Output\Form\Generate calls.
Last parameter after DB CONFIG is the log parameter
Session create has been moved to a new Create\Session class from the
\Basic class and MUST be started before using ACL\Login. Currently
ACL\Login will fallback and start it if no session is yet started.
See the Readme.md file for which classes use _SESSION data
In future the _SESSION settings should be moved to some wrapper class
for this so we can unit test sessions
Only Output\Form\Generate class call has the new changed with the second
parameter no longer beeing the table width setting but the class
setting.
But as this is a semi retired class and only used for edit_base this is
not 100% breaking.
All other classes can be used as is and have internal fallback to run as
before.
Deprecation messages will be added later.
