From 37af9c70d4df77aa7445dcb504e62adaa60415dd Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Tue, 13 Oct 2020 10:40:35 +0200
Subject: [PATCH] Move cookie handling into SessionHandler
---
 .../install/files/lib/system/WCF.class.php | 1 -
 .../install/files/lib/system/WCFACP.class.php | 2 -
 .../session/ACPSessionFactory.class.php | 30 +++-------
 .../system/session/SessionHandler.class.php | 60 ++++++++-----------
 4 files changed, 33 insertions(+), 60 deletions(-)
diff --git a/wcfsetup/install/files/lib/system/WCF.class.php b/wcfsetup/install/files/lib/system/WCF.class.php
index 51f75f1f07..db9326cd60 100644
--- a/wcfsetup/install/files/lib/system/WCF.class.php
+++ b/wcfsetup/install/files/lib/system/WCF.class.php
@@ -438,7 +438,6 @@ class WCF {
 $factory->load();
 self::$sessionObj = SessionHandler::getInstance();
- self::$sessionObj->setHasValidCookie($factory->hasValidCookie());
 }
 /**
diff --git a/wcfsetup/install/files/lib/system/WCFACP.class.php b/wcfsetup/install/files/lib/system/WCFACP.class.php
index d944832dae..9aabff0f0f 100644
--- a/wcfsetup/install/files/lib/system/WCFACP.class.php
+++ b/wcfsetup/install/files/lib/system/WCFACP.class.php
@@ -191,8 +191,6 @@ class WCFACP extends WCF {
 $factory = new ACPSessionFactory();
 $factory->load();
-
- self::$sessionObj->setHasValidCookie($factory->hasValidCookie());
 }
 /**
diff --git a/wcfsetup/install/files/lib/system/session/ACPSessionFactory.class.php b/wcfsetup/install/files/lib/system/session/ACPSessionFactory.class.php
index ea5a72f81f..3eb87e951e 100644
--- a/wcfsetup/install/files/lib/system/session/ACPSessionFactory.class.php
+++ b/wcfsetup/install/files/lib/system/session/ACPSessionFactory.class.php
@@ -1,8 +1,8 @@ readSessionID();
- SessionHandler::getInstance()->load($this->sessionEditor, $sessionID);
+ SessionHandler::getInstance()->loadFromCookie();
 // call beforeInit event
 if (!defined('NO_IMPORTS')) {
@@ -47,19 +43,10 @@ class ACPSessionFactory {
 }
 /**
- * Returns true if session was based upon a valid cookie.
- *
- * @return boolean
- * @since 3.0
+ * @deprecated 5.4 - Sessions are fully managed by SessionHandler.
 */
 public function hasValidCookie() {
- if (isset($_COOKIE[COOKIE_PREFIX.$this->cookieSuffix.'session'])) {
- if ($_COOKIE[COOKIE_PREFIX.$this->cookieSuffix.'session'] == SessionHandler::getInstance()->sessionID) {
- return true;
- }
- }
-
- return false;
+ return SessionHandler::getInstance()->hasValidCookie();
 }
 /**
@@ -70,10 +57,7 @@ class ACPSessionFactory {
 }
 /**
- * Returns the session id from cookie. Returns an empty string,
- * if no session cookie was provided.
- *
- * @return string
+ * @deprecated 5.4 - Sessions are fully managed by SessionHandler.
 */
 protected function readSessionID() {
 // get sessionID from cookie
diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
index b725329c30..7664a91957 100644
--- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
@@ -65,12 +65,6 @@ final class SessionHandler extends SingletonFactory {
 */
 protected $groupData = null;
- /**
- * true if client provided a valid session cookie
- * @var boolean
- */
- protected $hasValidCookie = false;
-
 /**
 * true if within ACP or WCFSetup
 * @var boolean
@@ -105,18 +99,6 @@ final class SessionHandler extends SingletonFactory {
 */
 protected $legacySession = null;
- /**
- * session class name
- * @var string
- */
- protected $sessionClassName = '';
-
- /**
- * session editor class name
- * @var string
- */
- protected $sessionEditorClassName = '';
-
 /**
 * style id
 * @var integer
@@ -193,14 +175,9 @@ final class SessionHandler extends SingletonFactory {
 public function setCookieSuffix() { }
 /**
- * Sets a boolean value to determine if the client provided a valid session cookie.
- *
- * @param boolean $hasValidCookie
- * @since 3.0
+ * @deprecated 5.4 - This method is a noop. Cookie handling works automatically.
 */
- public function setHasValidCookie($hasValidCookie) {
- $this->hasValidCookie = $hasValidCookie;
- }
+ public function setHasValidCookie($hasValidCookie) { }
 /**
 * Returns true if client provided a valid session cookie.
@@ -208,20 +185,17 @@ final class SessionHandler extends SingletonFactory {
 * @return boolean
 * @since 3.0
 */
- public function hasValidCookie() {
- return $this->hasValidCookie;
+ public function hasValidCookie(): bool {
+ $cookieName = COOKIE_PREFIX.($this->isACP ? 'acp' : 'user')."_session";
+ $sessionID = $_COOKIE[$cookieName] ?? null;
+
+ return $sessionID === $this->sessionID;
 }
 /**
- * Loads an existing session or creates a new one.
- *
- * @param string $sessionEditorClassName
- * @param string $sessionID
+ * @deprecated 5.4 - Sessions are managed automatically. Use loadFromCookie().
 */
 public function load($sessionEditorClassName, $sessionID) {
- $this->sessionEditorClassName = $sessionEditorClassName;
- $this->sessionClassName = call_user_func([$sessionEditorClassName, 'getBaseClass']);
-
 $hasSession = false;
 if (!empty($sessionID)) {
 $hasSession = $this->getExistingSession($sessionID);
@@ -233,6 +207,24 @@ final class SessionHandler extends SingletonFactory {
 }
 }
+ /**
+ * Loads the session matching the session cookie.
+ */
+ public function loadFromCookie() {
+ $cookieName = COOKIE_PREFIX.($this->isACP ? 'acp' : 'user')."_session";
+ $sessionID = $_COOKIE[$cookieName] ?? null;
+
+ $hasSession = false;
+ if ($sessionID) {
+ $hasSession = $this->getExistingSession($sessionID);
+ }
+
+ // create new session
+ if (!$hasSession) {
+ $this->create();
+ }
+ }
+
 /**
 * Initializes session system.
 */
--
2.20.1
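Review bot: The new `hasValidCookie()` in SessionHandler (hunk `@@ -208,20 +185,17 @@`) no longer requires the cookie to be present: a missing cookie becomes `null`, and `null === $this->sessionID` holds whenever no session id has been assigned yet, whereas the removed ACPSessionFactory version checked `isset($_COOKIE[...])` first. Whether `sessionID` can still be null when this method is called is not visible in the hunk, so I would make the guard explicit with `return is_string($sessionID) && $sessionID === $this->sessionID;`. The cookie-name expression is also repeated verbatim in `loadFromCookie()`; a small private helper would keep the name that is validated and the name that is loaded from drifting apart.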
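Review bot: `loadFromCookie()` (hunk `@@ -233,6 +207,24 @@`) passes the cookie value to `getExistingSession()` after only a truthiness test, so whatever PHP places in `$_COOKIE` reaches the session lookup, including an array when the cookie name arrives with a bracket suffix. `getExistingSession()` lies outside this hunk, so how it handles a non-string argument cannot be confirmed here. Rejecting early keeps the lookup's input well-typed: `if (is_string($sessionID) && $sessionID !== '') {`. The docblock could also carry `@since 5.4` to match the `@deprecated 5.4` tags added elsewhere in this patch.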