<?php
declare(strict_types=1);
namespace Auth0\SDK\Store;
use Auth0\SDK\Configuration\SdkConfiguration;
use Auth0\SDK\Contract\StoreInterface;
use Auth0\SDK\Utility\Toolkit;
use function defined;
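/**
 * Persists SDK state in the native PHP session ($_SESSION).
 *
 * Every key is namespaced with the configured prefix so the SDK's entries can
 * be told apart from the host application's own session data.
 *
 * NOTE(review): nothing in this class regenerates the session ID. If the
 * application needs a fresh ID when authentication state changes, that has to
 * happen outside this store.
 */
final class SessionStore implements StoreInterface
{
    /**
     * SessionStore constructor.
     *
     * @param SdkConfiguration $configuration Base configuration options for the SDK. See the SdkConfiguration class constructor for options.
     * @param string           $sessionPrefix a string to prefix session keys with
     */
    public function __construct(
        private SdkConfiguration $configuration,
        private string $sessionPrefix = 'auth0',
    ) {
    }

    /**
     * This has no effect when using sessions as the storage medium.
     *
     * @param bool $deferring whether to defer persisting the storage state
     *
     * @codeCoverageIgnore
     */
    public function defer(
        bool $deferring,
    ): void {
    }

    /**
     * Removes a persisted value identified by $key.
     *
     * @param string $key session key to delete
     */
    public function delete(
        string $key,
    ): void {
        $this->start();
        unset($_SESSION[$this->getSessionName($key)]);
    }

    /**
     * Gets the persisted value identified by $key.
     * If the value is not set (or is stored as null), returns $default.
     *
     * @param string $key     session key to read
     * @param mixed  $default default to return if nothing was found
     *
     * @return mixed
     */
    public function get(
        string $key,
        $default = null,
    ) {
        $this->start();

        return $_SESSION[$this->getSessionName($key)] ?? $default;
    }

    /**
     * Constructs a session key name of the form "<prefix>_<key>".
     *
     * The key is passed through Toolkit's string filter and assertion first;
     * presumably this trims it and rejects an empty key with an
     * ArgumentException (verify against Toolkit).
     *
     * @param string $key session key name to prefix and return
     */
    public function getSessionName(
        string $key,
    ): string {
        [$key] = Toolkit::filter([$key])->string()->trim();

        Toolkit::assert([
            [$key, \Auth0\SDK\Exception\ArgumentException::missing('key')],
        ])->isString();

        return $this->sessionPrefix . '_' . ($key ?? '');
    }

    /**
     * Removes all persisted values whose key carries this store's prefix.
     *
     * Entries written by the host application under other keys are left alone.
     */
    public function purge(): void
    {
        $this->start();

        $prefix = $this->sessionPrefix . '_';

        // Walk a snapshot of the keys rather than `while ($k = key(...))`:
        // that form stops at the first falsy key (0, '' or '0') and would
        // leave later SDK entries in the session after a purge.
        foreach (array_keys($_SESSION ?? []) as $sessionKey) {
            // Integer-like keys come back as int; cast so the string function
            // does not raise a TypeError under strict_types.
            if (str_starts_with((string) $sessionKey, $prefix)) {
                unset($_SESSION[$sessionKey]);
            }
        }
    }

    /**
     * Persists $value on $_SESSION, identified by $key.
     *
     * @param string $key   session key to set
     * @param mixed  $value value to use
     */
    public function set(
        string $key,
        $value,
    ): void {
        $this->start();
        $_SESSION[$this->getSessionName($key)] = $value;
    }

    /**
     * Starts a PHP session if session_id() reports none.
     *
     * Cookie parameters are taken from the SDK configuration before the
     * session starts. They are skipped when AUTH0_TESTS_DIR is defined.
     */
    public function start(): void
    {
        $sessionId = session_id();

        if ('' !== $sessionId && false !== $sessionId) {
            // A session ID already exists; leave the session as it is.
            return;
        }

        // @codeCoverageIgnoreStart
        if (! defined('AUTH0_TESTS_DIR')) {
            // form_post delivers the callback as a cross-site POST, so the
            // session cookie is sent only when SameSite is None.
            // NOTE(review): browsers drop SameSite=None cookies that are not
            // also Secure; confirm getCookieSecure() is true whenever the
            // response mode is form_post.
            $sameSite = 'form_post' === $this->configuration->getResponseMode()
                ? 'None'
                : ($this->configuration->getCookieSameSite() ?? 'Lax');

            session_set_cookie_params([
                'lifetime' => $this->configuration->getCookieExpires(),
                'domain' => $this->configuration->getCookieDomain(),
                'path' => $this->configuration->getCookiePath(),
                'secure' => $this->configuration->getCookieSecure(),
                // Always HttpOnly: the session cookie is never exposed to page scripts.
                'httponly' => true,
                'samesite' => $sameSite,
            ]);
        }
        // @codeCoverageIgnoreEnd

        session_register_shutdown();
        session_start();
    }
}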