WP_Session

WordPress Session class for managing user session data.

Defined (2)

The class is defined in the following location(s).

/deprecated/includes/libraries/class-wp-session.php  
  1. final class WP_Session extends Recursive_ArrayAccess implements Iterator, Countable { 
  2. /** 
  3. * ID of the current session. 
  4. * @var string 
  5. */ 
  6. public $session_id; 
  7.  
  8. /** 
  9. * Unix timestamp when session expires. 
  10. * @var int 
  11. */ 
  12. protected $expires; 
  13.  
  14. /** 
  15. * Unix timestamp indicating when the expiration time needs to be reset. 
  16. * @var int 
  17. */ 
  18. protected $exp_variant; 
  19.  
  20. /** 
  21. * Singleton instance. 
  22. * @var bool|WP_Session 
  23. */ 
  24. private static $instance = false; 
  25.  
  26. /** 
  27. * Retrieve the current session instance. 
  28. * @param bool $session_id Session ID from which to populate data. 
  29. * @return bool|WP_Session 
  30. */ 
  31. public static function get_instance() { 
  32. if ( ! self::$instance ) { 
  33. self::$instance = new self(); 
  34.  
  35. return self::$instance; 
  36.  
  37. /** 
  38. * Default constructor. 
  39. * Will rebuild the session collection from the given session ID if it exists. Otherwise, will 
  40. * create a new session with that ID. 
  41. * @param $session_id 
  42. * @uses apply_filters Calls `wp_session_expiration` to determine how long until sessions expire. 
  43. */ 
  44. protected function __construct() { 
  45. if ( isset( $_COOKIE[WP_SESSION_COOKIE] ) ) { 
  46. $cookie = stripslashes( $_COOKIE[WP_SESSION_COOKIE] ); 
  47. $cookie_crumbs = explode( '||', $cookie ); 
  48.  
  49. $this->session_id = $cookie_crumbs[0]; 
  50.  
  51. if( $this->is_valid_md5( $cookie_crumbs[0] ) ) { 
  52. $this->session_id = $cookie_crumbs[0]; 
  53. } else { 
  54. $this->session_id = $this->generate_id(); 
  55.  
  56. $this->expires = $cookie_crumbs[1]; 
  57. $this->exp_variant = $cookie_crumbs[2]; 
  58.  
  59. // Update the session expiration if we're past the variant time 
  60. if ( time() > $this->exp_variant ) { 
  61. $this->set_expiration(); 
  62. delete_option( "_wp_session_expires_{$this->session_id}" ); 
  63. add_option( "_wp_session_expires_{$this->session_id}", $this->expires, '', 'no' ); 
  64. } else { 
  65. $this->session_id = $this->generate_id(); 
  66. $this->set_expiration(); 
  67.  
  68. $this->read_data(); 
  69.  
  70. /** 
  71. * Only set the cookie manually, on form submission. 
  72. */ 
  73. //$this->set_cookie(); 
  74.  
  75.  
  76. /** 
  77. * Set both the expiration time and the expiration variant. 
  78. * If the current time is below the variant, we don't update the session's expiration time. If it's 
  79. * greater than the variant, then we update the expiration time in the database. This prevents 
  80. * writing to the database on every page load for active sessions and only updates the expiration 
  81. * time if we're nearing when the session actually expires. 
  82. * By default, the expiration time is set to 30 minutes. 
  83. * By default, the expiration variant is set to 24 minutes. 
  84. * As a result, the session expiration time - at a maximum - will only be written to the database once 
  85. * every 24 minutes. After 30 minutes, the session will have been expired. No cookie will be sent by 
  86. * the browser, and the old session will be queued for deletion by the garbage collector. 
  87. * @uses apply_filters Calls `wp_session_expiration_variant` to get the max update window for session data. 
  88. * @uses apply_filters Calls `wp_session_expiration` to get the standard expiration time for sessions. 
  89. */ 
  90. protected function set_expiration() { 
  91. $this->exp_variant = time() + (int) apply_filters( 'wp_session_expiration_variant', 24 * 60 ); 
  92. $this->expires = time() + (int) apply_filters( 'wp_session_expiration', 30 * 60 ); 
  93.  
  94. /** 
  95. * Set the session cookie 
  96. * IMPORTANT: Made public 
  97. */ 
  98. public function set_cookie() { 
  99. @setcookie( WP_SESSION_COOKIE, $this->session_id . '||' . $this->expires . '||' . $this->exp_variant , $this->expires, COOKIEPATH, COOKIE_DOMAIN ); 
  100.  
  101. /** 
  102. * Generate a cryptographically strong unique ID for the session token. 
  103. * @return string 
  104. */ 
  105. protected function generate_id() { 
  106. require_once( ABSPATH . 'wp-includes/class-phpass.php'); 
  107. $hasher = new PasswordHash( 8, false ); 
  108.  
  109. return md5( $hasher->get_random_bytes( 32 ) ); 
  110.  
  111. /** 
  112. * Read data from a transient for the current session. 
  113. * Automatically resets the expiration time for the session transient to some time in the future. 
  114. * @return array 
  115. */ 
  116. protected function read_data() { 
  117. $this->container = get_option( "_wp_session_{$this->session_id}", array() ); 
  118.  
  119. return $this->container; 
  120.  
  121. /** 
  122. * Write the data from the current session to the data storage system. 
  123. */ 
  124. public function write_data() { 
  125. $option_key = "_wp_session_{$this->session_id}"; 
  126.  
  127. // Only write the collection to the DB if it's changed. 
  128. if ( $this->dirty ) { 
  129. if ( false === get_option( $option_key ) ) { 
  130. add_option( "_wp_session_{$this->session_id}", $this->container, '', 'no' ); 
  131. add_option( "_wp_session_expires_{$this->session_id}", $this->expires, '', 'no' ); 
  132. } else { 
  133. delete_option( "_wp_session_{$this->session_id}" ); 
  134. add_option( "_wp_session_{$this->session_id}", $this->container, '', 'no' ); 
  135.  
  136. /** 
  137. * Output the current container contents as a JSON-encoded string. 
  138. * @return string 
  139. */ 
  140. public function json_out() { 
  141. return json_encode( $this->container ); 
  142.  
  143. /** 
  144. * Decodes a JSON string and, if the object is an array, overwrites the session container with its contents. 
  145. * @param string $data 
  146. * @return bool 
  147. */ 
  148. public function json_in( $data ) { 
  149. $array = json_decode( $data ); 
  150.  
  151. if ( is_array( $array ) ) { 
  152. $this->container = $array; 
  153. return true; 
  154.  
  155. return false; 
  156.  
  157. /** 
  158. * Regenerate the current session's ID. 
  159. * @param bool $delete_old Flag whether or not to delete the old session data from the server. 
  160. */ 
  161. public function regenerate_id( $delete_old = false ) { 
  162. if ( $delete_old ) { 
  163. delete_option( "_wp_session_{$this->session_id}" ); 
  164.  
  165. $this->session_id = $this->generate_id(); 
  166.  
  167. $this->set_cookie(); 
  168.  
  169. /** 
  170. * Check if a session has been initialized. 
  171. * @return bool 
  172. */ 
  173. public function session_started() { 
  174. return !!self::$instance; 
  175.  
  176. /** 
  177. * Return the read-only cache expiration value. 
  178. * @return int 
  179. */ 
  180. public function cache_expiration() { 
  181. return $this->expires; 
  182.  
  183. /** 
  184. * Flushes all session variables. 
  185. */ 
  186. public function reset() { 
  187. $this->container = array(); 
  188.  
  189. /** 
  190. * Checks if is valid md5 string 
  191. * @param string $md5 
  192. * @return int 
  193. */ 
  194. protected function is_valid_md5( $md5 = '' ) { 
  195. return preg_match( '/^[a-f0-9]{32}$/', $md5 ); 
  196.  
  197. /*****************************************************************/ 
  198. /** Iterator Implementation */ 
  199. /*****************************************************************/ 
  200.  
  201. /** 
  202. * Current position of the array. 
  203. * @link http://php.net/manual/en/iterator.current.php 
  204. * @return mixed 
  205. */ 
  206. public function current() { 
  207. return current( $this->container ); 
  208.  
  209. /** 
  210. * Key of the current element. 
  211. * @link http://php.net/manual/en/iterator.key.php 
  212. * @return mixed 
  213. */ 
  214. public function key() { 
  215. return key( $this->container ); 
  216.  
  217. /** 
  218. * Move the internal point of the container array to the next item 
  219. * @link http://php.net/manual/en/iterator.next.php 
  220. * @return void 
  221. */ 
  222. public function next() { 
  223. next( $this->container ); 
  224.  
  225. /** 
  226. * Rewind the internal point of the container array. 
  227. * @link http://php.net/manual/en/iterator.rewind.php 
  228. * @return void 
  229. */ 
  230. public function rewind() { 
  231. reset( $this->container ); 
  232.  
  233. /** 
  234. * Is the current key valid? 
  235. * @link http://php.net/manual/en/iterator.rewind.php 
  236. * @return bool 
  237. */ 
  238. public function valid() { 
  239. return $this->offsetExists( $this->key() ); 
  240.  
  241. /*****************************************************************/ 
  242. /** Countable Implementation */ 
  243. /*****************************************************************/ 
  244.  
  245. /** 
  246. * Get the count of elements in the container array. 
  247. * @link http://php.net/manual/en/countable.count.php 
  248. * @return int 
  249. */ 
  250. public function count() { 
  251. return count( $this->container ); 
/includes/Libraries/Session/class-wp-session.php  
  1. final class WP_Session extends Recursive_ArrayAccess implements Iterator, Countable { 
  2. /** 
  3. * ID of the current session. 
  4. * @var string 
  5. */ 
  6. public $session_id; 
  7.  
  8. /** 
  9. * Unix timestamp when session expires. 
  10. * @var int 
  11. */ 
  12. protected $expires; 
  13.  
  14. /** 
  15. * Unix timestamp indicating when the expiration time needs to be reset. 
  16. * @var int 
  17. */ 
  18. protected $exp_variant; 
  19.  
  20. /** 
  21. * Singleton instance. 
  22. * @var bool|WP_Session 
  23. */ 
  24. private static $instance = false; 
  25.  
  26. /** 
  27. * Retrieve the current session instance. 
  28. * @param bool $session_id Session ID from which to populate data. 
  29. * @return bool|WP_Session 
  30. */ 
  31. public static function get_instance() { 
  32. if ( ! self::$instance ) { 
  33. self::$instance = new self(); 
  34.  
  35. return self::$instance; 
  36.  
  37. /** 
  38. * Default constructor. 
  39. * Will rebuild the session collection from the given session ID if it exists. Otherwise, will 
  40. * create a new session with that ID. 
  41. * @param $session_id 
  42. * @uses apply_filters Calls `wp_session_expiration` to determine how long until sessions expire. 
  43. */ 
  44. protected function __construct() { 
  45. if ( isset( $_COOKIE[WP_SESSION_COOKIE] ) ) { 
  46. $cookie = stripslashes( $_COOKIE[WP_SESSION_COOKIE] ); 
  47. $cookie_crumbs = explode( '||', $cookie ); 
  48.  
  49. $this->session_id = $cookie_crumbs[0]; 
  50. $this->expires = $cookie_crumbs[1]; 
  51. $this->exp_variant = $cookie_crumbs[2]; 
  52.  
  53. // Update the session expiration if we're past the variant time 
  54. if ( time() > $this->exp_variant ) { 
  55. $this->set_expiration(); 
  56. delete_option( "_wp_session_expires_{$this->session_id}" ); 
  57. add_option( "_wp_session_expires_{$this->session_id}", $this->expires, '', 'no' ); 
  58. } else { 
  59. $this->session_id = $this->generate_id(); 
  60. $this->set_expiration(); 
  61.  
  62. $this->read_data(); 
  63.  
  64. /** 
  65. * MODIFICATION: Only set the cookie manually. 
  66. */ 
  67. //$this->set_cookie(); 
  68.  
  69. /** 
  70. * Set both the expiration time and the expiration variant. 
  71. * If the current time is below the variant, we don't update the session's expiration time. If it's 
  72. * greater than the variant, then we update the expiration time in the database. This prevents 
  73. * writing to the database on every page load for active sessions and only updates the expiration 
  74. * time if we're nearing when the session actually expires. 
  75. * By default, the expiration time is set to 30 minutes. 
  76. * By default, the expiration variant is set to 24 minutes. 
  77. * As a result, the session expiration time - at a maximum - will only be written to the database once 
  78. * every 24 minutes. After 30 minutes, the session will have been expired. No cookie will be sent by 
  79. * the browser, and the old session will be queued for deletion by the garbage collector. 
  80. * @uses apply_filters Calls `wp_session_expiration_variant` to get the max update window for session data. 
  81. * @uses apply_filters Calls `wp_session_expiration` to get the standard expiration time for sessions. 
  82. */ 
  83. protected function set_expiration() { 
  84. $this->exp_variant = time() + (int) apply_filters( 'wp_session_expiration_variant', 24 * 60 ); 
  85. $this->expires = time() + (int) apply_filters( 'wp_session_expiration', 30 * 60 ); 
  86.  
  87. /** 
  88. * Set the session cookie 
  89. */ 
  90. /** 
  91. * MODIFICATION: Change access to public for manually setting cookie. 
  92. */ 
  93. public function set_cookie() { 
  94. @setcookie( WP_SESSION_COOKIE, $this->session_id . '||' . $this->expires . '||' . $this->exp_variant , $this->expires, COOKIEPATH, COOKIE_DOMAIN ); 
  95.  
  96. /** 
  97. * Generate a cryptographically strong unique ID for the session token. 
  98. * @return string 
  99. */ 
  100. protected function generate_id() { 
  101. require_once( ABSPATH . 'wp-includes/class-phpass.php'); 
  102. $hasher = new PasswordHash( 8, false ); 
  103.  
  104. return md5( $hasher->get_random_bytes( 32 ) ); 
  105.  
  106. /** 
  107. * Read data from a transient for the current session. 
  108. * Automatically resets the expiration time for the session transient to some time in the future. 
  109. * @return array 
  110. */ 
  111. protected function read_data() { 
  112. $this->container = get_option( "_wp_session_{$this->session_id}", array() ); 
  113.  
  114. return $this->container; 
  115.  
  116. /** 
  117. * Write the data from the current session to the data storage system. 
  118. */ 
  119. public function write_data() { 
  120. $option_key = "_wp_session_{$this->session_id}"; 
  121.  
  122. // Only write the collection to the DB if it's changed. 
  123. if ( $this->dirty ) { 
  124. if ( false === get_option( $option_key ) ) { 
  125. add_option( "_wp_session_{$this->session_id}", $this->container, '', 'no' ); 
  126. add_option( "_wp_session_expires_{$this->session_id}", $this->expires, '', 'no' ); 
  127. } else { 
  128. delete_option( "_wp_session_{$this->session_id}" ); 
  129. add_option( "_wp_session_{$this->session_id}", $this->container, '', 'no' ); 
  130.  
  131. /** 
  132. * Output the current container contents as a JSON-encoded string. 
  133. * @return string 
  134. */ 
  135. public function json_out() { 
  136. return json_encode( $this->container ); 
  137.  
  138. /** 
  139. * Decodes a JSON string and, if the object is an array, overwrites the session container with its contents. 
  140. * @param string $data 
  141. * @return bool 
  142. */ 
  143. public function json_in( $data ) { 
  144. $array = json_decode( $data ); 
  145.  
  146. if ( is_array( $array ) ) { 
  147. $this->container = $array; 
  148. return true; 
  149.  
  150. return false; 
  151.  
  152. /** 
  153. * Regenerate the current session's ID. 
  154. * @param bool $delete_old Flag whether or not to delete the old session data from the server. 
  155. */ 
  156. public function regenerate_id( $delete_old = false ) { 
  157. if ( $delete_old ) { 
  158. delete_option( "_wp_session_{$this->session_id}" ); 
  159.  
  160. $this->session_id = $this->generate_id(); 
  161.  
  162. $this->set_cookie(); 
  163.  
  164. /** 
  165. * Check if a session has been initialized. 
  166. * @return bool 
  167. */ 
  168. public function session_started() { 
  169. return !!self::$instance; 
  170.  
  171. /** 
  172. * Return the read-only cache expiration value. 
  173. * @return int 
  174. */ 
  175. public function cache_expiration() { 
  176. return $this->expires; 
  177.  
  178. /** 
  179. * Flushes all session variables. 
  180. */ 
  181. public function reset() { 
  182. $this->container = array(); 
  183.  
  184. /*****************************************************************/ 
  185. /** Iterator Implementation */ 
  186. /*****************************************************************/ 
  187.  
  188. /** 
  189. * Current position of the array. 
  190. * @link http://php.net/manual/en/iterator.current.php 
  191. * @return mixed 
  192. */ 
  193. public function current() { 
  194. return current( $this->container ); 
  195.  
  196. /** 
  197. * Key of the current element. 
  198. * @link http://php.net/manual/en/iterator.key.php 
  199. * @return mixed 
  200. */ 
  201. public function key() { 
  202. return key( $this->container ); 
  203.  
  204. /** 
  205. * Move the internal point of the container array to the next item 
  206. * @link http://php.net/manual/en/iterator.next.php 
  207. * @return void 
  208. */ 
  209. public function next() { 
  210. next( $this->container ); 
  211.  
  212. /** 
  213. * Rewind the internal point of the container array. 
  214. * @link http://php.net/manual/en/iterator.rewind.php 
  215. * @return void 
  216. */ 
  217. public function rewind() { 
  218. reset( $this->container ); 
  219.  
  220. /** 
  221. * Is the current key valid? 
  222. * @link http://php.net/manual/en/iterator.rewind.php 
  223. * @return bool 
  224. */ 
  225. public function valid() { 
  226. return $this->offsetExists( $this->key() ); 
  227.  
  228. /*****************************************************************/ 
  229. /** Countable Implementation */ 
  230. /*****************************************************************/ 
  231.  
  232. /** 
  233. * Get the count of elements in the container array. 
  234. * @link http://php.net/manual/en/countable.count.php 
  235. * @return int 
  236. */ 
  237. public function count() { 
  238. return count( $this->container );