| 28,6 → 28,9 |
|---|
| private $secret = ''; |
| protected $sessionLifetime = 0; |
| |
| /** |
| * @throws OIDplusException |
| */ |
| public function __construct() { |
| $this->sessionLifetime = OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60); |
| $this->secret = OIDplus::baseConfig()->getValue('SERVER_SECRET'); |
| 56,6 → 59,10 |
|---|
| @ini_set('session.gc_maxlifetime', $this->sessionLifetime); |
| } |
| |
| /** |
| * @return void |
| * @throws OIDplusException |
| */ |
| protected function sessionSafeStart() { |
| if (!isset($_SESSION)) { |
| // TODO: session_name() makes some problems. Leave it away for now. |
| 83,6 → 90,9 |
|---|
| } |
| } |
| |
| /** |
| * @return void |
| */ |
| function __destruct() { |
| session_write_close(); |
| } |
| 89,7 → 99,13 |
|---|
| |
| private $cacheSetValues = array(); // Important if you do a setValue() followed by an getValue() |
| |
| public function setValue($name, $value) { |
| /** |
| * @param string $name |
| * @param mixed $value |
| * @return void |
| * @throws OIDplusException |
| */ |
| public function setValue(string $name, $value) { |
| $enc_data = self::encrypt($value, $this->secret); |
| |
| $this->cacheSetValues[$name] = $enc_data; |
| 100,7 → 116,13 |
|---|
| $_SESSION[$name] = $enc_data; |
| } |
| |
| public function getValue($name, $default = NULL) { |
| /** |
| * @param string $name |
| * @param mixed|null $default |
| * @return mixed|null |
| * @throws OIDplusException |
| */ |
| public function getValue(string $name, $default = NULL) { |
| if (isset($this->cacheSetValues[$name])) return self::decrypt($this->cacheSetValues[$name], $this->secret); |
| |
| if (!$this->isActive()) return $default; // GDPR: Only start a session when we really need one |
| 111,7 → 133,12 |
|---|
| return self::decrypt($_SESSION[$name], $this->secret); |
| } |
| |
| public function exists($name) { |
| /** |
| * @param string $name |
| * @return bool |
| * @throws OIDplusException |
| */ |
| public function exists(string $name): bool { |
| if (isset($this->cacheSetValues[$name])) return true; |
| |
| if (!$this->isActive()) return false; // GDPR: Only start a session when we really need one |
| 118,10 → 145,15 |
|---|
| $this->sessionSafeStart(); |
| OIDplus::cookieUtils()->setcookie(session_name(),session_id(),time()+$this->sessionLifetime); |
| |
| if (!isset($_SESSION[$name])) return false; |
| return isset($_SESSION[$name]); |
| } |
| |
| public function delete($name) { |
| /** |
| * @param string $name |
| * @return void |
| * @throws OIDplusException |
| */ |
| public function delete(string $name) { |
| if (isset($this->cacheSetValues[$name])) unset($this->cacheSetValues[$name]); |
| |
| if (!$this->isActive()) return; // GDPR: Only start a session when we really need one |
| 131,6 → 163,10 |
|---|
| unset($_SESSION[$name]); |
| } |
| |
| /** |
| * @return void |
| * @throws OIDplusException |
| */ |
| public function destroySession() { |
| if (!$this->isActive()) return; |
| |
| 143,11 → 179,20 |
|---|
| OIDplus::cookieUtils()->unsetcookie(session_name()); // remove cookie, so GDPR people are happy |
| } |
| |
| public function isActive() { |
| /** |
| * @return bool |
| */ |
| public function isActive(): bool { |
| return isset($_COOKIE[session_name()]); |
| } |
| |
| protected static function encrypt($data, $key) { |
| /** |
| * @param string $data |
| * @param string $key |
| * @return string |
| * @throws \Exception |
| */ |
| protected static function encrypt(string $data, string $key): string { |
| if (function_exists('openssl_encrypt')) { |
| $iv = random_bytes(16); // AES block size in CBC mode |
| // Encryption |
| 168,7 → 213,13 |
|---|
| } |
| } |
| |
| protected static function decrypt($data, $key) { |
| /** |
| * @param string $data |
| * @param string $key |
| * @return string |
| * @throws OIDplusException |
| */ |
| protected static function decrypt(string $data, string $key): string { |
| if (function_exists('openssl_decrypt')) { |
| $hmac = mb_substr($data, 0, 64, '8bit'); |
| $iv = mb_substr($data, 64, 16, '8bit'); |