Class session

Description

THE SESSION CLASS A class to manage user sessions. A session is simply a thing which contains information about a user who has logged on to the system, so in fact the session is just an extension of a user.

To access the system a user must either create a new session, or recover an existing session. A new session is created if the user provides login details: userid/password or unique $authid (MD5). An existing session may be 'recovered' if the login details are absent, and if a cookie is sent containing a valid session key.

Located in /session-defs.php (line 118)

user
   |
   --session
Direct descendents
Class Description
 class webstream The webstream class
Variable Summary
Method Summary
 session session ()
 void delete_cookie ()
 bool identify_user ()
 void on_logins_exceeded ([mixed $option = SESS_ALLOW_CULL], [mixed $parm = ""])
 mixed recover (mixed $session_id)
 void session_clear ()
 void session_create ([integer $logintype = LOGIN_BY_PASSWD])
 void session_delete ()
 bool session_valid ()
 void set_cookie (string $content, [integer $expires = false])
 void set_cookiename ([string $name = "session_id"])
 void set_guest_browser_lifetime ([bool $guest_browser_lifetime = false])
 void set_lifetime ([integer $secs = SESS_1_DAY])
 void set_sessiontype ([bool $type = SESS_DATABASE_BACKED])
 void set_session_track_logins ([bool $session_track_logins = false])
Variables
mixed $cookiename = "" (line 130)

The session cookie name

mixed $db_backed = SESS_DATABASE_BACKED (line 122)

The type of this session

mixed $error_message = "" (line 134)

Error condition message if any

mixed $guest_browser_lifetime = false (line 128)

True if we should limit 'guest' to browser lifetime

mixed $last_logintime = 0 (line 132)

Time of last login (Unix timestamp)

mixed $lifetime = 0 (line 126)

The session lifetime, in seconds

mixed $logins_exceeded_msg = "" (line 138)

Custom message to deliver when blocking

mixed $logins_exceeded_option = SESS_ALLOW_CULL (line 136)

Option to take on logins exceeded for user

mixed $logins_exceeded_redirect = "" (line 140)

URL to redirect to on logins exceeded

mixed $login_type = LOGIN_BY_PASSWD (line 142)

Login type for this session

mixed $session_id = false (line 120)

The ID of this session

mixed $session_record (line 124)

The session record complete

mixed $session_track_logins = true (line 144)

Whether we are tracking session logins

Inherited Variables

Inherited from user

user::$authentication_method
user::$auth_code
user::$email
user::$enabled
user::$first_name
user::$group_info
user::$group_names
user::$hasgroups
user::$hasIPlist
user::$honorific_prefix
user::$IP
user::$last_name
user::$limit_logins
user::$locked
user::$mid_names
user::$name
user::$passwd_alphanum_mixed
user::$passwd_apply_stopwords
user::$passwd_char_uniqueness
user::$passwd_delay_ms
user::$passwd_encryption
user::$passwd_expiry_days
user::$passwd_expiry_ts
user::$passwd_failures
user::$passwd_forever
user::$passwd_history
user::$passwd_history_cycle
user::$passwd_max_attempts
user::$passwd_min_chars
user::$password
user::$remote_auth_dbname
user::$remote_auth_fields
user::$remote_auth_source
user::$remote_auth_tablename
user::$total_logins
user::$userid
user::$user_groups_cnt
user::$user_record
user::$user_type
user::$valid
Methods
Constructor session (line 152)

Constructor Create a new session.

Initial creation of the session object does nothing. The activate() method sets it up, when called.

session session ()
delete_cookie (line 572)

Delete session cookie Deletes the session cookie from the user's browser.

void delete_cookie ()
identify_user (line 182)

Identify the user/client

Here is where we activate our session. This involves searching for the cookie, username/password sequence, or authorisation code which will allow us to identify the requester and create the proper session for them to access the website..

  • return: True if we succeeded in identifying the user, else false
bool identify_user ()
on_logins_exceeded (line 386)

Set logins exceeded action

This sets the action for when the number of logins for a given user of the system exceeds a maximum, if specified. The options for the action to take are: SESS_ALLOW Allow, assume app. will take action SESS_ALLOW_CULL Allow session, cull oldest SESS_BLOCK_MSG Block session, nice message SESS_BLOCK_SILENT Block session, no message SESS_BLOCK_REDIRECT Block session, redirect to URL SESS_BLOCK_GUEST Block session, login as guest instead

void on_logins_exceeded ([mixed $option = SESS_ALLOW_CULL], [mixed $parm = ""])
recover (line 482)

Recover session Recover an existing session. This will obliterate any pre-existing session information in this object, since we expect it to succeed..

  • return: Session ID or else false
mixed recover (mixed $session_id)
session_clear (line 708)

Clear session vars Common method for clearing out the current session info from the object variables.

void session_clear ()
session_create (line 640)

Create new session Make a brand new session for the user.

void session_create ([integer $logintype = LOGIN_BY_PASSWD])
  • integer $logintype: Type of login for this session
session_delete (line 694)

Delete the session Delete the current session from the system.

void session_delete ()
session_valid (line 723)

Is session valid Return validity status. If there is a session ID and a valid user then the whole session is deemed valid, otherwise not.

  • return: True if this session is valid
bool session_valid ()
set_cookie (line 530)

Set the session cookie.

void set_cookie (string $content, [integer $expires = false])
  • string $content: The content of the cookie
  • integer $expires: The Unix time() value for expiry datetime of the cookie
set_cookiename (line 611)

Set session cookie name

void set_cookiename ([string $name = "session_id"])
  • string $name: Cookie name to use for session ID
set_guest_browser_lifetime (line 621)

Set session guest browser lifetime flag If set True this causes the cookie lifetime to be forced to the browser lifetime if the user is 'guest'.

void set_guest_browser_lifetime ([bool $guest_browser_lifetime = false])
  • bool $guest_browser_lifetime: True if guest cookie limited to browser lifetime
set_lifetime (line 603)

Set session lifetime Set the session cookie lifetime in seconds.

void set_lifetime ([integer $secs = SESS_1_DAY])
  • integer $secs: Seconds lifetime for the session cookie
set_sessiontype (line 594)

Set session database backing type The database backing 'type' can be either SESS_DATABASE_BACKED, or SESS_STANDALONE.

void set_sessiontype ([bool $type = SESS_DATABASE_BACKED])
  • bool $type: Session type
set_session_track_logins (line 631)

Set session track logins flag If set True this causes the session logins for this site to be tracked for each user. This amounts to an extra DB update of a login count field.

void set_session_track_logins ([bool $session_track_logins = false])
  • bool $session_track_logins: True if we should track all user logins

Inherited Methods

Inherited From user

 user::user()
 user::authenticate()
 user::authenticate_authid()
 user::authenticate_ipaddress()
 user::authenticate_password()
 user::authenticate_userid()
 user::friendlyName()
 user::generate_password()
 user::get_auth_code()
 user::get_groups()
 user::get_user_by_auth_code()
 user::get_user_by_id()
 user::get_user_by_ip()
 user::group_ids_list()
 user::group_names_list()
 user::ismemberof_group()
 user::ismemberof_group_in()
 user::ismemberof_group_with_id()
 user::isvalid()
 user::password_expired()
 user::push_password_history()
 user::save_password_data()
 user::set_password()
 user::set_password_expiry()
 user::set_remote_authentication()
 user::set_security_profile()
 user::valid_password()

Documentation generated by phpDocumentor 1.3.0RC3