|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231 |
- <?php
- /**
- * @link http://www.yiiframework.com/
- * @copyright Copyright (c) 2008 Yii Software LLC
- * @license http://www.yiiframework.com/license/
- */
-
- namespace yii\web;
-
- use Yii;
- use yii\db\Connection;
- use yii\db\Query;
- use yii\base\InvalidConfigException;
- use yii\di\Instance;
-
- /**
- * DbSession extends [[Session]] by using database as session data storage.
- *
- * By default, DbSession stores session data in a DB table named 'session'. This table
- * must be pre-created. The table name can be changed by setting [[sessionTable]].
- *
- * The following example shows how you can configure the application to use DbSession:
- * Add the following to your application config under `components`:
- *
- * ~~~
- * 'session' => [
- * 'class' => 'yii\web\DbSession',
- * // 'db' => 'mydb',
- * // 'sessionTable' => 'my_session',
- * ]
- * ~~~
- *
- * @property boolean $useCustomStorage Whether to use custom storage. This property is read-only.
- *
- * @author Qiang Xue <qiang.xue@gmail.com>
- * @since 2.0
- */
- class DbSession extends Session
- {
- /**
- * @var Connection|array|string the DB connection object or the application component ID of the DB connection.
- * After the DbSession object is created, if you want to change this property, you should only assign it
- * with a DB connection object.
- * Starting from version 2.0.2, this can also be a configuration array for creating the object.
- */
- public $db = 'db';
- /**
- * @var string the name of the DB table that stores the session data.
- * The table should be pre-created as follows:
- *
- * ~~~
- * CREATE TABLE session
- * (
- * id CHAR(40) NOT NULL PRIMARY KEY,
- * expire INTEGER,
- * data BLOB
- * )
- * ~~~
- *
- * where 'BLOB' refers to the BLOB-type of your preferred DBMS. Below are the BLOB type
- * that can be used for some popular DBMS:
- *
- * - MySQL: LONGBLOB
- * - PostgreSQL: BYTEA
- * - MSSQL: BLOB
- *
- * When using DbSession in a production server, we recommend you create a DB index for the 'expire'
- * column in the session table to improve the performance.
- *
- * Note that according to the php.ini setting of `session.hash_function`, you may need to adjust
- * the length of the `id` column. For example, if `session.hash_function=sha256`, you should use
- * length 64 instead of 40.
- */
- public $sessionTable = '{{%session}}';
-
-
- /**
- * Initializes the DbSession component.
- * This method will initialize the [[db]] property to make sure it refers to a valid DB connection.
- * @throws InvalidConfigException if [[db]] is invalid.
- */
- public function init()
- {
- parent::init();
- $this->db = Instance::ensure($this->db, Connection::className());
- }
-
- /**
- * Returns a value indicating whether to use custom session storage.
- * This method overrides the parent implementation and always returns true.
- * @return boolean whether to use custom storage.
- */
- public function getUseCustomStorage()
- {
- return true;
- }
-
- /**
- * Updates the current session ID with a newly generated one .
- * Please refer to <http://php.net/session_regenerate_id> for more details.
- * @param boolean $deleteOldSession Whether to delete the old associated session file or not.
- */
- public function regenerateID($deleteOldSession = false)
- {
- $oldID = session_id();
-
- // if no session is started, there is nothing to regenerate
- if (empty($oldID)) {
- return;
- }
-
- parent::regenerateID(false);
- $newID = session_id();
-
- $query = new Query;
- $row = $query->from($this->sessionTable)
- ->where(['id' => $oldID])
- ->createCommand($this->db)
- ->queryOne();
- if ($row !== false) {
- if ($deleteOldSession) {
- $this->db->createCommand()
- ->update($this->sessionTable, ['id' => $newID], ['id' => $oldID])
- ->execute();
- } else {
- $row['id'] = $newID;
- $this->db->createCommand()
- ->insert($this->sessionTable, $row)
- ->execute();
- }
- } else {
- // shouldn't reach here normally
- $this->db->createCommand()
- ->insert($this->sessionTable, [
- 'id' => $newID,
- 'expire' => time() + $this->getTimeout(),
- ])->execute();
- }
- }
-
- /**
- * Session read handler.
- * Do not call this method directly.
- * @param string $id session ID
- * @return string the session data
- */
- public function readSession($id)
- {
- $query = new Query;
- $data = $query->select(['data'])
- ->from($this->sessionTable)
- ->where('[[expire]]>:expire AND [[id]]=:id', [':expire' => time(), ':id' => $id])
- ->createCommand($this->db)
- ->queryScalar();
-
- return $data === false ? '' : $data;
- }
-
- /**
- * Session write handler.
- * Do not call this method directly.
- * @param string $id session ID
- * @param string $data session data
- * @return boolean whether session write is successful
- */
- public function writeSession($id, $data)
- {
- // exception must be caught in session write handler
- // http://us.php.net/manual/en/function.session-set-save-handler.php
- try {
- $expire = time() + $this->getTimeout();
- $query = new Query;
- $exists = $query->select(['id'])
- ->from($this->sessionTable)
- ->where(['id' => $id])
- ->createCommand($this->db)
- ->queryScalar();
- if ($exists === false) {
- $this->db->createCommand()
- ->insert($this->sessionTable, [
- 'id' => $id,
- 'data' => $data,
- 'expire' => $expire,
- ])->execute();
- } else {
- $this->db->createCommand()
- ->update($this->sessionTable, ['data' => $data, 'expire' => $expire], ['id' => $id])
- ->execute();
- }
- } catch (\Exception $e) {
- $exception = ErrorHandler::convertExceptionToString($e);
- // its too late to use Yii logging here
- error_log($exception);
- echo $exception;
-
- return false;
- }
-
- return true;
- }
-
- /**
- * Session destroy handler.
- * Do not call this method directly.
- * @param string $id session ID
- * @return boolean whether session is destroyed successfully
- */
- public function destroySession($id)
- {
- $this->db->createCommand()
- ->delete($this->sessionTable, ['id' => $id])
- ->execute();
-
- return true;
- }
-
- /**
- * Session GC (garbage collection) handler.
- * Do not call this method directly.
- * @param integer $maxLifetime the number of seconds after which data will be seen as 'garbage' and cleaned up.
- * @return boolean whether session is GCed successfully
- */
- public function gcSession($maxLifetime)
- {
- $this->db->createCommand()
- ->delete($this->sessionTable, '[[expire]]<:expire', [':expire' => time()])
- ->execute();
-
- return true;
- }
- }
|