forked from pantheon-systems/wp-native-php-sessions
-
Notifications
You must be signed in to change notification settings - Fork 0
/
callbacks.php
138 lines (120 loc) · 4.13 KB
/
callbacks.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
<?php
/**
* Session handler assigned by session_set_save_handler().
*
* This function is used to handle any initialization, such as file paths or
* database connections, that is needed before accessing session data. The plugin
* does not need to initialize anything in this function.
*
* This function should not be called directly.
*
* @return true
*/
function _pantheon_session_open() {
return true;
}
/**
* Reads an entire session from the database (internal use only).
*
* Also initializes the $user object for the user associated with the session.
* This function is registered with session_set_save_handler() to support
* database-backed sessions. It is called on every page load when PHP sets
* up the $_SESSION superglobal.
*
* This function is an internal function and must not be called directly.
* Doing so may result in logging out the current user, corrupting session data
* or other unexpected behavior. Session data must always be accessed via the
* $_SESSION superglobal.
*
* @param $sid
* The session ID of the session to retrieve.
*
* @return
* The user's session, or an empty string if no session exists.
*/
function _pantheon_session_read( $sid ) {
// Write and Close handlers are called after destructing objects
// since PHP 5.0.5.
// Thus destructors can use sessions but session handler can't use objects.
// So we are moving session closure before destructing objects.
register_shutdown_function( 'session_write_close' );
// Handle the case of first time visitors and clients that don't store
// cookies (eg. web crawlers).
$insecure_session_name = substr( session_name(), 1 );
if ( ! isset( $_COOKIE[ session_name() ] ) && ! isset( $_COOKIE[ $insecure_session_name ] ) ) {
return '';
}
$session = \Pantheon_Sessions\Session::get_by_sid( $sid );
if ( $session ) {
return $session->get_data();
} else {
return '';
}
}
/**
* Writes an entire session to the database (internal use only).
*
* This function is registered with session_set_save_handler() to support
* database-backed sessions.
*
* This function is an internal function and must not be called directly.
* Doing so may result in corrupted session data or other unexpected behavior.
* Session data must always be accessed via the $_SESSION superglobal.
*
* @param $sid The session ID of the session to write to.
* @param $value Session data to write as a serialized string.
* @return true
*/
function _pantheon_session_write( $sid, $value ) {
$session = \Pantheon_Sessions\Session::get_by_sid( $sid );
if ( ! $session ) {
$session = \Pantheon_Sessions\Session::create_for_sid( $sid );
}
$session->set_data( $value );
}
/**
* Session handler assigned by session_set_save_handler().
*
* Cleans up a specific session.
*
* @param $sid Session ID.
*/
function _pantheon_session_destroy( $sid ) {
$session = \Pantheon_Sessions\Session::get_by_sid( $sid );
if ( ! $session ) {
return;
}
$session->destroy();
}
/**
* Session handler assigned by session_set_save_handler().
*
* This function is used to close the current session. Because the plugin stores
* session data in the database immediately on write, this function does
* not need to do anything.
*
* This function should not be called directly.
*
* @return true
*/
function _pantheon_session_close() {
return true;
}
/**
* Session handler assigned by session_set_save_handler().
*
* Cleans up stalled sessions.
*
* @param int $lifetime The value of session.gc_maxlifetime, passed by PHP. Sessions not updated for more than $lifetime seconds will be removed.
* @return true
*/
function _pantheon_session_garbage_collection( $lifetime ) {
global $wpdb;
// Be sure to adjust 'php_value session.gc_maxlifetime' to a large enough
// value. For example, if you want user sessions to stay in your database
// for three weeks before deleting them, you need to set gc_maxlifetime
// to '1814400'. At that value, only after a user doesn't log in after
// three weeks (1814400 seconds) will his/her session be removed.
$wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->pantheon_sessions WHERE `datetime` <= %s ", date( 'Y-m-d H:i:s', time() - $lifetime ) ) );
return true;
}