WP_Session

WordPress Session class for managing user session data.

Defined (2)

The class is defined in the following location(s).

/deprecated/includes/libraries/class-wp-session.php  
  1. final class WP_Session extends Recursive_ArrayAccess implements Iterator, Countable { 
  2.     /** 
  3.      * ID of the current session. 
  5.      * @var string 
  6.      */ 
  7.     public $session_id; 
  8.  
  9.     /** 
  10.      * Unix timestamp when session expires. 
  12.      * @var int 
  13.      */ 
  14.     protected $expires; 
  15.  
  16.     /** 
  17.      * Unix timestamp indicating when the expiration time needs to be reset. 
  19.      * @var int 
  20.      */ 
  21.     protected $exp_variant; 
  22.  
  23.     /** 
  24.      * Singleton instance. 
  26.      * @var bool|WP_Session 
  27.      */ 
  28.     private static $instance = false; 
  29.  
  30.     /** 
  31.      * Retrieve the current session instance. 
  33.      * @param bool $session_id Session ID from which to populate data. 
  35.      * @return bool|WP_Session 
  36.      */ 
  37.     public static function get_instance() { 
  38.         if ( ! self::$instance ) { 
  39.             self::$instance = new self(); 
  41.  
  42.         return self::$instance; 
  44.  
  45.     /** 
  46.      * Default constructor. 
  47.      * Will rebuild the session collection from the given session ID if it exists. Otherwise, will 
  48.      * create a new session with that ID. 
  50.      * @param $session_id 
  51.      * @uses apply_filters Calls `wp_session_expiration` to determine how long until sessions expire. 
  52.      */ 
  53.     protected function __construct() { 
  54.         if ( isset( $_COOKIE[WP_SESSION_COOKIE] ) ) { 
  55.             $cookie = stripslashes( $_COOKIE[WP_SESSION_COOKIE] ); 
  56.             $cookie_crumbs = explode( '||', $cookie ); 
  57.  
  58.             if( $this->is_valid_md5( $cookie_crumbs[0] ) ) { 
  59.                 $this->session_id = $cookie_crumbs[0]; 
  60.             } else { 
  61.                 $this->session_id = $this->regenerate_id(); 
  63.  
  64.             $this->expires = $cookie_crumbs[1]; 
  65.             $this->exp_variant = $cookie_crumbs[2]; 
  66.  
  67.             // Update the session expiration if we're past the variant time 
  68.             if ( time() > $this->exp_variant ) { 
  69.                 $this->set_expiration(); 
  70.                 delete_option( "_wp_session_expires_{$this->session_id}" ); 
  71.                 add_option( "_wp_session_expires_{$this->session_id}", $this->expires, '', 'no' ); 
  73.         } else { 
  74.             $this->session_id = $this->generate_id(); 
  75.             $this->set_expiration(); 
  77.  
  78.         $this->read_data(); 
  79.  
  80.         /** 
  81.          * Only set the cookie manually, on form submission. 
  82.          */ 
  83.         //$this->set_cookie(); 
  84.  
  86.  
  87.     /** 
  88.      * Set both the expiration time and the expiration variant. 
  90.      * If the current time is below the variant, we don't update the session's expiration time. If it's 
  91.      * greater than the variant, then we update the expiration time in the database.  This prevents 
  92.      * writing to the database on every page load for active sessions and only updates the expiration 
  93.      * time if we're nearing when the session actually expires. 
  95.      * By default, the expiration time is set to 30 minutes. 
  96.      * By default, the expiration variant is set to 24 minutes. 
  98.      * As a result, the session expiration time - at a maximum - will only be written to the database once 
  99.      * every 24 minutes.  After 30 minutes, the session will have been expired. No cookie will be sent by 
  100.      * the browser, and the old session will be queued for deletion by the garbage collector. 
  102.      * @uses apply_filters Calls `wp_session_expiration_variant` to get the max update window for session data. 
  103.      * @uses apply_filters Calls `wp_session_expiration` to get the standard expiration time for sessions. 
  104.      */ 
  105.     protected function set_expiration() { 
  106.         $this->exp_variant = time() + (int) apply_filters( 'wp_session_expiration_variant', 24 * 60 ); 
  107.         $this->expires = time() + (int) apply_filters( 'wp_session_expiration', 30 * 60 ); 
  109.  
  110.     /** 
  111.      * Set the session cookie 
  113.      * IMPORTANT: Made public 
  114.      */ 
  115.     public function set_cookie() { 
  116.         @setcookie( WP_SESSION_COOKIE, $this->session_id . '||' . $this->expires . '||' . $this->exp_variant , $this->expires, COOKIEPATH, COOKIE_DOMAIN ); 
  118.  
  119.     /** 
  120.      * Generate a cryptographically strong unique ID for the session token. 
  122.      * @return string 
  123.      */ 
  124.     protected function generate_id() { 
  125.         require_once( ABSPATH . 'wp-includes/class-phpass.php'); 
  126.         $hasher = new PasswordHash( 8, false ); 
  127.  
  128.         return md5( $hasher->get_random_bytes( 32 ) ); 
  130.  
  131.     /** 
  132.      * Read data from a transient for the current session. 
  134.      * Automatically resets the expiration time for the session transient to some time in the future. 
  136.      * @return array 
  137.      */ 
  138.     protected function read_data() { 
  139.         $this->container = get_option( "_wp_session_{$this->session_id}", array() ); 
  140.  
  141.         return $this->container; 
  143.  
  144.     /** 
  145.      * Write the data from the current session to the data storage system. 
  146.      */ 
  147.     public function write_data() { 
  148.         $option_key = "_wp_session_{$this->session_id}"; 
  149.  
  150.         // Only write the collection to the DB if it's changed. 
  151.         if ( $this->dirty ) { 
  152.             if ( false === get_option( $option_key ) ) { 
  153.                 add_option( "_wp_session_{$this->session_id}", $this->container, '', 'no' ); 
  154.                 add_option( "_wp_session_expires_{$this->session_id}", $this->expires, '', 'no' ); 
  155.             } else { 
  156.                 delete_option( "_wp_session_{$this->session_id}" ); 
  157.                 add_option( "_wp_session_{$this->session_id}", $this->container, '', 'no' ); 
  161.  
  162.     /** 
  163.      * Output the current container contents as a JSON-encoded string. 
  165.      * @return string 
  166.      */ 
  167.     public function json_out() { 
  168.         return json_encode( $this->container ); 
  170.  
  171.     /** 
  172.      * Decodes a JSON string and, if the object is an array, overwrites the session container with its contents. 
  174.      * @param string $data 
  176.      * @return bool 
  177.      */ 
  178.     public function json_in( $data ) { 
  179.         $array = json_decode( $data ); 
  180.  
  181.         if ( is_array( $array ) ) { 
  182.             $this->container = $array; 
  183.             return true; 
  185.  
  186.         return false; 
  188.  
  189.     /** 
  190.      * Regenerate the current session's ID. 
  192.      * @param bool $delete_old Flag whether or not to delete the old session data from the server. 
  193.      */ 
  194.     public function regenerate_id( $delete_old = false ) { 
  195.         if ( $delete_old ) { 
  196.             delete_option( "_wp_session_{$this->session_id}" ); 
  198.  
  199.         $this->session_id = $this->generate_id(); 
  200.  
  201.         $this->set_cookie(); 
  203.  
  204.     /** 
  205.      * Check if a session has been initialized. 
  207.      * @return bool 
  208.      */ 
  209.     public function session_started() { 
  210.         return !!self::$instance; 
  212.  
  213.     /** 
  214.      * Return the read-only cache expiration value. 
  216.      * @return int 
  217.      */ 
  218.     public function cache_expiration() { 
  219.         return $this->expires; 
  221.  
  222.     /** 
  223.      * Flushes all session variables. 
  224.      */ 
  225.     public function reset() { 
  226.         $this->container = array(); 
  228.  
  229.     /** 
  230.      * Checks if is valid md5 string 
  232.      * @param string $md5 
  233.      * @return int 
  234.      */ 
  235.     protected function is_valid_md5( $md5 = '' ) { 
  236.         return preg_match( '/^[a-f0-9]{32}$/', $md5 ); 
  238.  
  239.     /*****************************************************************/ 
  240.     /**                     Iterator Implementation                   */ 
  241.     /*****************************************************************/ 
  242.  
  243.     /** 
  244.      * Current position of the array. 
  246.      * @link http://php.net/manual/en/iterator.current.php 
  248.      * @return mixed 
  249.      */ 
  250.     public function current() { 
  251.         return current( $this->container ); 
  253.  
  254.     /** 
  255.      * Key of the current element. 
  257.      * @link http://php.net/manual/en/iterator.key.php 
  259.      * @return mixed 
  260.      */ 
  261.     public function key() { 
  262.         return key( $this->container ); 
  264.  
  265.     /** 
  266.      * Move the internal point of the container array to the next item 
  268.      * @link http://php.net/manual/en/iterator.next.php 
  270.      * @return void 
  271.      */ 
  272.     public function next() { 
  273.         next( $this->container ); 
  275.  
  276.     /** 
  277.      * Rewind the internal point of the container array. 
  279.      * @link http://php.net/manual/en/iterator.rewind.php 
  281.      * @return void 
  282.      */ 
  283.     public function rewind() { 
  284.         reset( $this->container ); 
  286.  
  287.     /** 
  288.      * Is the current key valid? 
  290.      * @link http://php.net/manual/en/iterator.rewind.php 
  292.      * @return bool 
  293.      */ 
  294.     public function valid() { 
  295.         return $this->offsetExists( $this->key() ); 
  297.  
  298.     /*****************************************************************/ 
  299.     /**                    Countable Implementation                   */ 
  300.     /*****************************************************************/ 
  301.  
  302.     /** 
  303.      * Get the count of elements in the container array. 
  305.      * @link http://php.net/manual/en/countable.count.php 
  307.      * @return int 
  308.      */ 
  309.     public function count() { 
  310.         return count( $this->container ); 
/includes/Libraries/Session/class-wp-session.php  
  1. final class WP_Session extends Recursive_ArrayAccess implements Iterator, Countable { 
  2.     /** 
  3.      * ID of the current session. 
  5.      * @var string 
  6.      */ 
  7.     public $session_id; 
  8.  
  9.     /** 
  10.      * Unix timestamp when session expires. 
  12.      * @var int 
  13.      */ 
  14.     protected $expires; 
  15.  
  16.     /** 
  17.      * Unix timestamp indicating when the expiration time needs to be reset. 
  19.      * @var int 
  20.      */ 
  21.     protected $exp_variant; 
  22.  
  23.     /** 
  24.      * Singleton instance. 
  26.      * @var bool|WP_Session 
  27.      */ 
  28.     private static $instance = false; 
  29.  
  30.     /** 
  31.      * Retrieve the current session instance. 
  33.      * @param bool $session_id Session ID from which to populate data. 
  35.      * @return bool|WP_Session 
  36.      */ 
  37.     public static function get_instance() { 
  38.         if ( ! self::$instance ) { 
  39.             self::$instance = new self(); 
  41.  
  42.         return self::$instance; 
  44.  
  45.     /** 
  46.      * Default constructor. 
  47.      * Will rebuild the session collection from the given session ID if it exists. Otherwise, will 
  48.      * create a new session with that ID. 
  50.      * @param $session_id 
  51.      * @uses apply_filters Calls `wp_session_expiration` to determine how long until sessions expire. 
  52.      */ 
  53.     protected function __construct() { 
  54.         if ( isset( $_COOKIE[WP_SESSION_COOKIE] ) ) { 
  55.             $cookie = stripslashes( $_COOKIE[WP_SESSION_COOKIE] ); 
  56.             $cookie_crumbs = explode( '||', $cookie ); 
  57.  
  58.             if( $this->is_valid_md5( $cookie_crumbs[0] ) ) { 
  59.   
  60.                $this->session_id = $cookie_crumbs[0]; 
  61.   
  62.            } else { 
  63.   
  64.                $this->regenerate_id( true ); 
  65.   
  67.   
  68.             $this->expires = $cookie_crumbs[1]; 
  69.             $this->exp_variant = $cookie_crumbs[2]; 
  70.  
  71.             // Update the session expiration if we're past the variant time 
  72.             if ( time() > $this->exp_variant ) { 
  73.                 $this->set_expiration(); 
  74.                 delete_option( "_wp_session_expires_{$this->session_id}" ); 
  75.                 add_option( "_wp_session_expires_{$this->session_id}", $this->expires, '', 'no' ); 
  77.         } else { 
  78.             $this->session_id = $this->generate_id(); 
  79.             $this->set_expiration(); 
  81.  
  82.         $this->read_data(); 
  83.  
  84.         /** 
  85.          * MODIFICATION: Only set the cookie manually. 
  86.          */ 
  87.         //$this->set_cookie(); 
  89.  
  90.     /** 
  91.      * Set both the expiration time and the expiration variant. 
  93.      * If the current time is below the variant, we don't update the session's expiration time. If it's 
  94.      * greater than the variant, then we update the expiration time in the database.  This prevents 
  95.      * writing to the database on every page load for active sessions and only updates the expiration 
  96.      * time if we're nearing when the session actually expires. 
  98.      * By default, the expiration time is set to 30 minutes. 
  99.      * By default, the expiration variant is set to 24 minutes. 
  101.      * As a result, the session expiration time - at a maximum - will only be written to the database once 
  102.      * every 24 minutes.  After 30 minutes, the session will have been expired. No cookie will be sent by 
  103.      * the browser, and the old session will be queued for deletion by the garbage collector. 
  105.      * @uses apply_filters Calls `wp_session_expiration_variant` to get the max update window for session data. 
  106.      * @uses apply_filters Calls `wp_session_expiration` to get the standard expiration time for sessions. 
  107.      */ 
  108.     protected function set_expiration() { 
  109.         $this->exp_variant = time() + (int) apply_filters( 'wp_session_expiration_variant', 24 * 60 ); 
  110.         $this->expires = time() + (int) apply_filters( 'wp_session_expiration', 30 * 60 ); 
  112.  
  113.     /** 
  114.      * Set the session cookie 
  115.      */ 
  116.     /** 
  117.      * MODIFICATION: Change access to public for manually setting cookie. 
  118.      */ 
  119.     public function set_cookie() { 
  120.         @setcookie( WP_SESSION_COOKIE, $this->session_id . '||' . $this->expires . '||' . $this->exp_variant , $this->expires, COOKIEPATH, COOKIE_DOMAIN ); 
  122.  
  123.     /** 
  124.      * Generate a cryptographically strong unique ID for the session token. 
  126.      * @return string 
  127.      */ 
  128.     protected function generate_id() { 
  129.         require_once( ABSPATH . 'wp-includes/class-phpass.php'); 
  130.         $hasher = new PasswordHash( 8, false ); 
  131.  
  132.         return md5( $hasher->get_random_bytes( 32 ) ); 
  134.  
  135.       /** 
  136.        * Checks if is valid md5 string 
  138.        * @param string $md5 
  139.        * @return int 
  140.        */ 
  141.       protected function is_valid_md5( $md5 = '' ) { 
  142.           return preg_match( '/^[a-f0-9]{32}$/', $md5 ); 
  144.  
  145.     /** 
  146.      * Read data from a transient for the current session. 
  148.      * Automatically resets the expiration time for the session transient to some time in the future. 
  150.      * @return array 
  151.      */ 
  152.     protected function read_data() { 
  153.         $this->container = get_option( "_wp_session_{$this->session_id}", array() ); 
  154.  
  155.         return $this->container; 
  157.  
  158.     /** 
  159.      * Write the data from the current session to the data storage system. 
  160.      */ 
  161.     public function write_data() { 
  162.         $option_key = "_wp_session_{$this->session_id}"; 
  163.  
  164.         // Only write the collection to the DB if it's changed. 
  165.         if ( $this->dirty ) { 
  166.             if ( false === get_option( $option_key ) ) { 
  167.                 add_option( "_wp_session_{$this->session_id}", $this->container, '', 'no' ); 
  168.                 add_option( "_wp_session_expires_{$this->session_id}", $this->expires, '', 'no' ); 
  169.             } else { 
  170.                 delete_option( "_wp_session_{$this->session_id}" ); 
  171.                 add_option( "_wp_session_{$this->session_id}", $this->container, '', 'no' ); 
  175.  
  176.     /** 
  177.      * Output the current container contents as a JSON-encoded string. 
  179.      * @return string 
  180.      */ 
  181.     public function json_out() { 
  182.         return json_encode( $this->container ); 
  184.  
  185.     /** 
  186.      * Decodes a JSON string and, if the object is an array, overwrites the session container with its contents. 
  188.      * @param string $data 
  190.      * @return bool 
  191.      */ 
  192.     public function json_in( $data ) { 
  193.         $array = json_decode( $data ); 
  194.  
  195.         if ( is_array( $array ) ) { 
  196.             $this->container = $array; 
  197.             return true; 
  199.  
  200.         return false; 
  202.  
  203.     /** 
  204.      * Regenerate the current session's ID. 
  206.      * @param bool $delete_old Flag whether or not to delete the old session data from the server. 
  207.      */ 
  208.     public function regenerate_id( $delete_old = false ) { 
  209.         if ( $delete_old ) { 
  210.             delete_option( "_wp_session_{$this->session_id}" ); 
  212.  
  213.         $this->session_id = $this->generate_id(); 
  214.  
  215.         $this->set_cookie(); 
  217.  
  218.     /** 
  219.      * Check if a session has been initialized. 
  221.      * @return bool 
  222.      */ 
  223.     public function session_started() { 
  224.         return !!self::$instance; 
  226.  
  227.     /** 
  228.      * Return the read-only cache expiration value. 
  230.      * @return int 
  231.      */ 
  232.     public function cache_expiration() { 
  233.         return $this->expires; 
  235.  
  236.     /** 
  237.      * Flushes all session variables. 
  238.      */ 
  239.     public function reset() { 
  240.         $this->container = array(); 
  242.  
  243.     /*****************************************************************/ 
  244.     /**                     Iterator Implementation                   */ 
  245.     /*****************************************************************/ 
  246.  
  247.     /** 
  248.      * Current position of the array. 
  250.      * @link http://php.net/manual/en/iterator.current.php 
  252.      * @return mixed 
  253.      */ 
  254.     public function current() { 
  255.         return current( $this->container ); 
  257.  
  258.     /** 
  259.      * Key of the current element. 
  261.      * @link http://php.net/manual/en/iterator.key.php 
  263.      * @return mixed 
  264.      */ 
  265.     public function key() { 
  266.         return key( $this->container ); 
  268.  
  269.     /** 
  270.      * Move the internal point of the container array to the next item 
  272.      * @link http://php.net/manual/en/iterator.next.php 
  274.      * @return void 
  275.      */ 
  276.     public function next() { 
  277.         next( $this->container ); 
  279.  
  280.     /** 
  281.      * Rewind the internal point of the container array. 
  283.      * @link http://php.net/manual/en/iterator.rewind.php 
  285.      * @return void 
  286.      */ 
  287.     public function rewind() { 
  288.         reset( $this->container ); 
  290.  
  291.     /** 
  292.      * Is the current key valid? 
  294.      * @link http://php.net/manual/en/iterator.rewind.php 
  296.      * @return bool 
  297.      */ 
  298.     public function valid() { 
  299.         return $this->offsetExists( $this->key() ); 
  301.  
  302.     /*****************************************************************/ 
  303.     /**                    Countable Implementation                   */ 
  304.     /*****************************************************************/ 
  305.  
  306.     /** 
  307.      * Get the count of elements in the container array. 
  309.      * @link http://php.net/manual/en/countable.count.php 
  311.      * @return int 
  312.      */ 
  313.     public function count() { 
  314.         return count( $this->container );