Magento: app/code/core/Mage/Core/Model/Session/Abstract/Varien.php Source File

00001 <?php
00002 /**
00003  * Magento
00004  *
00005  * NOTICE OF LICENSE
00006  *
00007  * This source file is subject to the Open Software License (OSL 3.0)
00008  * that is bundled with this package in the file LICENSE.txt.
00009  * It is also available through the world-wide-web at this URL:
00010  * http://opensource.org/licenses/osl-3.0.php
00011  * If you did not receive a copy of the license and are unable to
00012  * obtain it through the world-wide-web, please send an email
00013  * to license@magentocommerce.com so we can send you a copy immediately.
00014  *
00015  * DISCLAIMER
00016  *
00017  * Do not edit or add to this file if you wish to upgrade Magento to newer
00018  * versions in the future. If you wish to customize Magento for your
00019  * needs please refer to http://www.magentocommerce.com for more information.
00020  *
00021  * @category   Mage
00022  * @package    Mage_Core
00023  * @copyright  Copyright (c) 2008 Irubin Consulting Inc. DBA Varien (http://www.varien.com)
00024  * @license    http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
00025  */
00026 
00027 
00028 class Mage_Core_Model_Session_Abstract_Varien extends Varien_Object
00029 {
00030     const VALIDATOR_KEY                         = '_session_validator_data';
00031     const VALIDATOR_HTTP_USER_AGENT_KEY         = 'http_user_agent';
00032     const VALIDATOR_HTTP_X_FORVARDED_FOR_KEY    = 'http_x_forwarded_for';
00033     const VALIDATOR_HTTP_VIA_KEY                = 'http_via';
00034     const VALIDATOR_REMOTE_ADDR_KEY             = 'remote_addr';
00035 
00036     /**
00037      * Conigure and start session
00038      *
00039      * @param string $sessionName
00040      * @return Mage_Core_Model_Session_Abstract_Varien
00041      */
00042     public function start($sessionName=null)
00043     {
00044         if (isset($_SESSION)) {
00045             return $this;
00046         }
00047 
00048         Varien_Profiler::start(__METHOD__.'/setOptions');
00049         if (is_writable(Mage::getBaseDir('session'))) {
00050             session_save_path($this->getSessionSavePath());
00051         }
00052         Varien_Profiler::stop(__METHOD__.'/setOptions');
00053 
00054         switch($this->getSessionSaveMethod()) {
00055             case 'db':
00056                 ini_set('session.save_handler', 'user');
00057                 $sessionResource = Mage::getResourceSingleton('core/session');
00058                 /* @var $sessionResource Mage_Core_Model_Mysql4_Session */
00059                 $sessionResource->setSaveHandler();
00060                 break;
00061             case 'memcache':
00062                 ini_set('session.save_handler', 'memcache');
00063                 session_save_path($this->getSessionSavePath());
00064                 break;
00065             default:
00066                 session_module_name('files');
00067                 break;
00068         }
00069 
00070         if (Mage::app()->getStore()->isAdmin()) {
00071             $adminSessionLifetime = (int)Mage::getStoreConfig('admin/security/session_cookie_lifetime');
00072             if ($adminSessionLifetime > 60) {
00073                 Mage::getSingleton('core/cookie')->setLifetime($adminSessionLifetime);
00074             }
00075         }
00076 
00077         // set session cookie params
00078         session_set_cookie_params(
00079             $this->getCookie()->getLifetime(),
00080             $this->getCookie()->getPath(),
00081             $this->getCookie()->getDomain(),
00082             $this->getCookie()->isSecure(),
00083             $this->getCookie()->getHttponly()
00084         );
00085 
00086         if (!empty($sessionName)) {
00087             $this->setSessionName($sessionName);
00088         }
00089 
00090         // potential custom logic for session id (ex. switching between hosts)
00091         $this->setSessionId();
00092 
00093         Varien_Profiler::start(__METHOD__.'/start');
00094 
00095         if ($sessionCacheLimiter = Mage::getConfig()->getNode('global/session_cache_limiter')) {
00096             session_cache_limiter((string)$sessionCacheLimiter);
00097         }
00098 
00099         session_start();
00100 
00101         Varien_Profiler::stop(__METHOD__.'/start');
00102 
00103         return $this;
00104     }
00105 
00106     /**
00107      * Retrieve cookie object
00108      *
00109      * @return Mage_Core_Model_Cookie
00110      */
00111     public function getCookie()
00112     {
00113         return Mage::getSingleton('core/cookie');
00114     }
00115 
00116     /**
00117      * Revalidate cookie
00118      *
00119      * @return Mage_Core_Model_Session_Abstract_Varien
00120      */
00121     public function revalidateCookie()
00122     {
00123         if (!$this->getCookie()->getLifetime()) {
00124             return $this;
00125         }
00126         if (empty($_SESSION['_cookie_revalidate'])) {
00127             $time = time() + round($this->getCookie()->getLifetime() / 4);
00128             $_SESSION['_cookie_revalidate'] = $time;
00129         }
00130         else {
00131             if ($_SESSION['_cookie_revalidate'] < time()) {
00132                 if (!headers_sent()) {
00133                     $this->getCookie()->set(session_name(), session_id());
00134 
00135                     $time = time() + round($this->getCookie()->getLifetime() / 4);
00136                     $_SESSION['_cookie_revalidate'] = $time;
00137                 }
00138             }
00139         }
00140 
00141         return $this;
00142     }
00143 
00144     /**
00145      * Init session with namespace
00146      *
00147      * @param string $namespace
00148      * @param string $sessionName
00149      * @return Mage_Core_Model_Session_Abstract_Varien
00150      */
00151     public function init($namespace, $sessionName=null)
00152     {
00153         if (!isset($_SESSION)) {
00154             $this->start($sessionName);
00155         }
00156         if (!isset($_SESSION[$namespace])) {
00157             $_SESSION[$namespace] = array();
00158         }
00159 
00160         $this->_data = &$_SESSION[$namespace];
00161 
00162         $this->validate();
00163         $this->revalidateCookie();
00164 
00165         return $this;
00166     }
00167 
00168     /**
00169      * Additional get data with clear mode
00170      *
00171      * @param string $key
00172      * @param bool $clear
00173      * @return mixed
00174      */
00175     public function getData($key='', $clear = false)
00176     {
00177         $data = parent::getData($key);
00178         if ($clear && isset($this->_data[$key])) {
00179             unset($this->_data[$key]);
00180         }
00181         return $data;
00182     }
00183 
00184     /**
00185      * Retrieve session Id
00186      *
00187      * @return string
00188      */
00189     public function getSessionId()
00190     {
00191         return session_id();
00192     }
00193 
00194     /**
00195      * Set custom session id
00196      *
00197      * @param string $id
00198      * @return Mage_Core_Model_Session_Abstract_Varien
00199      */
00200     public function setSessionId($id=null)
00201     {
00202         if (!is_null($id) && preg_match('#^[0-9a-zA-Z,-]+$#', $id)) {
00203             session_id($id);
00204         }
00205         return $this;
00206     }
00207 
00208     /**
00209      * Retrieve session name
00210      *
00211      * @return string
00212      */
00213     public function getSessionName()
00214     {
00215         return session_name();
00216     }
00217 
00218     /**
00219      * Set session name
00220      *
00221      * @param string $name
00222      * @return Mage_Core_Model_Session_Abstract_Varien
00223      */
00224     public function setSessionName($name)
00225     {
00226         session_name($name);
00227         return $this;
00228     }
00229 
00230     /**
00231      * Unset all data
00232      *
00233      * @return Mage_Core_Model_Session_Abstract_Varien
00234      */
00235     public function unsetAll()
00236     {
00237         $this->unsetData();
00238         return $this;
00239     }
00240 
00241     /**
00242      * Alias for unsetAll
00243      *
00244      * @return Mage_Core_Model_Session_Abstract_Varien
00245      */
00246     public function clear()
00247     {
00248         return $this->unsetAll();
00249     }
00250 
00251     /**
00252      * Retrieve session save method
00253      * Default files
00254      *
00255      * @return string
00256      */
00257     public function getSessionSaveMethod()
00258     {
00259         return 'files';
00260     }
00261 
00262     /**
00263      * Get sesssion save path
00264      *
00265      * @return string
00266      */
00267     public function getSessionSavePath()
00268     {
00269         return Mage::getBaseDir('session');
00270     }
00271 
00272     /**
00273      * Use REMOTE_ADDR in validator key
00274      *
00275      * @return bool
00276      */
00277     public function useValidateRemoteAddr()
00278     {
00279         return true;
00280     }
00281 
00282     /**
00283      * Use HTTP_VIA in validator key
00284      *
00285      * @return bool
00286      */
00287     public function useValidateHttpVia()
00288     {
00289         return true;
00290     }
00291 
00292     /**
00293      * Use HTTP_X_FORWARDED_FOR in validator key
00294      *
00295      * @return bool
00296      */
00297     public function useValidateHttpXForwardedFor()
00298     {
00299         return true;
00300     }
00301 
00302     /**
00303      * Use HTTP_USER_AGENT in validator key
00304      *
00305      * @return bool
00306      */
00307     public function useValidateHttpUserAgent()
00308     {
00309         return true;
00310     }
00311 
00312     /**
00313      * Retrieve skip User Agent validation strings (Flash etc)
00314      *
00315      * @return array
00316      */
00317     public function getValidateHttpUserAgentSkip()
00318     {
00319         return array();
00320     }
00321 
00322     /**
00323      * Validate session
00324      *
00325      * @param string $namespace
00326      * @return Mage_Core_Model_Session_Abstract_Varien
00327      */
00328     public function validate()
00329     {
00330         if (!isset($this->_data[self::VALIDATOR_KEY])) {
00331             $this->_data[self::VALIDATOR_KEY] = $this->getValidatorData();
00332         }
00333         else {
00334             if (!$this->_validate()) {
00335                 $this->getCookie()->delete(session_name());
00336                 // throw core session exception
00337                 throw new Mage_Core_Model_Session_Exception('');
00338             }
00339         }
00340 
00341         return $this;
00342     }
00343 
00344     /**
00345      * Validate data
00346      *
00347      * @return bool
00348      */
00349     protected function _validate()
00350     {
00351         $sessionData = $this->_data[self::VALIDATOR_KEY];
00352         $validatorData = $this->getValidatorData();
00353 
00354         if ($this->useValidateRemoteAddr() && $sessionData[self::VALIDATOR_REMOTE_ADDR_KEY] != $validatorData[self::VALIDATOR_REMOTE_ADDR_KEY]) {
00355             return false;
00356         }
00357         if ($this->useValidateHttpVia() && $sessionData[self::VALIDATOR_HTTP_VIA_KEY] != $validatorData[self::VALIDATOR_HTTP_VIA_KEY]) {
00358             return false;
00359         }
00360         if ($this->useValidateHttpXForwardedFor() && $sessionData[self::VALIDATOR_HTTP_X_FORVARDED_FOR_KEY] != $validatorData[self::VALIDATOR_HTTP_X_FORVARDED_FOR_KEY]) {
00361             return false;
00362         }
00363         if ($this->useValidateHttpUserAgent()
00364             && $sessionData[self::VALIDATOR_HTTP_USER_AGENT_KEY] != $validatorData[self::VALIDATOR_HTTP_USER_AGENT_KEY]
00365             && !in_array($validatorData[self::VALIDATOR_HTTP_USER_AGENT_KEY], $this->getValidateHttpUserAgentSkip())) {
00366             return false;
00367         }
00368 
00369         return true;
00370     }
00371 
00372     /**
00373      * Retrieve unique user data for validator
00374      *
00375      * @return array
00376      */
00377     public function getValidatorData()
00378     {
00379         $parts = array(
00380             self::VALIDATOR_REMOTE_ADDR_KEY             => '',
00381             self::VALIDATOR_HTTP_VIA_KEY                => '',
00382             self::VALIDATOR_HTTP_X_FORVARDED_FOR_KEY    => '',
00383             self::VALIDATOR_HTTP_USER_AGENT_KEY         => ''
00384         );
00385 
00386         // collect ip data
00387         if (isset($_SERVER['REMOTE_ADDR'])) {
00388             $parts[self::VALIDATOR_REMOTE_ADDR_KEY] = (string)$_SERVER['REMOTE_ADDR'];
00389         }
00390         if (isset($_ENV['HTTP_VIA'])) {
00391             $parts[self::VALIDATOR_HTTP_VIA_KEY] = (string)$_ENV['HTTP_VIA'];
00392         }
00393         if (isset($_ENV['HTTP_X_FORWARDED_FOR'])) {
00394             $parts[self::VALIDATOR_HTTP_X_FORVARDED_FOR_KEY] = (string)$_ENV['HTTP_X_FORWARDED_FOR'];
00395         }
00396 
00397         // collect user agent data
00398         if (isset($_SERVER['HTTP_USER_AGENT'])) {
00399             $parts[self::VALIDATOR_HTTP_USER_AGENT_KEY] = (string)$_SERVER['HTTP_USER_AGENT'];
00400         }
00401 
00402         return $parts;
00403     }
00404 }