Commit 312b97e9 authored by Dries's avatar Dries

- Patch #253702 by Damien Tournoud et al: further clean-up of the session handling code.

parent 48727a34
......@@ -1031,7 +1031,7 @@ function _drupal_bootstrap($phase) {
case DRUPAL_BOOTSTRAP_SESSION:
require_once variable_get('session_inc', './includes/session.inc');
session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', 'sess_destroy_sid', 'sess_gc');
session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy_sid', '_sess_gc');
session_start();
break;
......
......@@ -32,7 +32,7 @@
*
* @return
* This function will always return TRUE.
*/
*/
function _sess_open() {
return TRUE;
}
......@@ -48,7 +48,7 @@ function _sess_open() {
*
* @return
* This function will always return TRUE.
*/
*/
function _sess_close() {
return TRUE;
}
......@@ -68,7 +68,7 @@ function _sess_close() {
* @return
* Either an array of the session data, or an empty string, if no data
* was found or the user is anonymous.
*/
*/
function _sess_read($key) {
global $user;
......@@ -127,7 +127,7 @@ function _sess_read($key) {
* Serialized array of the session data.
* @return
* This function will always return TRUE.
*/
*/
function _sess_write($key, $value) {
global $user;
......@@ -136,7 +136,7 @@ function _sess_write($key, $value) {
// the session table. This reduces memory and server load, and gives more useful
// statistics. We can't eliminate anonymous session table rows without breaking
// the "Who's Online" block.
if (!session_save_session() || (empty($_COOKIE[session_name()]) && empty($value))) {
if (!drupal_save_session() || (empty($_COOKIE[session_name()]) && empty($value))) {
return TRUE;
}
......@@ -170,7 +170,7 @@ function _sess_write($key, $value) {
/**
* Called when an anonymous user becomes authenticated or vice-versa.
*/
function sess_regenerate() {
function drupal_session_regenerate() {
$old_session_id = session_id();
session_regenerate_id();
db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
......@@ -189,19 +189,20 @@ function sess_regenerate() {
* @return int
* The number of users with sessions.
*/
function sess_count($timestamp = 0, $anonymous = true) {
function drupal_session_count($timestamp = 0, $anonymous = true) {
$query = $anonymous ? ' AND uid = 0' : ' AND uid > 0';
return db_result(db_query('SELECT COUNT(sid) AS count FROM {sessions} WHERE timestamp >= %d' . $query, $timestamp));
}
/**
* Called by PHP session handling with the PHP session ID
* to end a user's session.
* Session handler assigned by session_set_save_handler().
*
* Cleanup a specific session.
*
* @param string $sid
* the session id
*/
function sess_destroy_sid($sid) {
function _sess_destroy_sid($sid) {
db_query("DELETE FROM {sessions} WHERE sid = '%s'", $sid);
}
......@@ -211,11 +212,16 @@ function sess_destroy_sid($sid) {
* @param string $uid
* the user id
*/
function sess_destroy_uid($uid) {
function drupal_session_destroy_uid($uid) {
db_query('DELETE FROM {sessions} WHERE uid = %d', $uid);
}
function sess_gc($lifetime) {
/**
* Session handler assigned by session_set_save_handler().
*
* Cleanup stalled sessions.
*/
function _sess_gc($lifetime) {
// Be sure to adjust 'php_value session.gc_maxlifetime' to a large enough
// value. For example, if you want user sessions to stay in your database
// for three weeks before deleting them, you need to set gc_maxlifetime
......@@ -240,7 +246,7 @@ function sess_gc($lifetime) {
* @return
* FALSE if writing session data has been disabled. Otherwise, TRUE.
*/
function session_save_session($status = NULL) {
function drupal_save_session($status = NULL) {
static $save_session = TRUE;
if (isset($status)) {
$save_session = $status;
......
......@@ -26,19 +26,19 @@ class SessionTestCase extends DrupalWebTestCase {
}
/**
* Tests for session_save_session().
* Tests for drupal_save_session().
*/
function testSessionSaveSession() {
$this->assertTrue(session_save_session(), t('session_save_session() correctly returns TRUE when initially called with no arguments.'), t('Session'));
$this->assertFalse(session_save_session(FALSE), t('session_save_session() correctly returns FALSE when called with FALSE.'), t('Session'));
$this->assertFalse(session_save_session(), t('session_save_session() correctly returns FALSE when saving has been disabled.'), t('Session'));
$this->assertTrue(session_save_session(TRUE), t('session_save_session() correctly returns TRUE when called with TRUE.'), t('Session'));
$this->assertTrue(session_save_session(), t('session_save_session() correctly returns TRUE when saving has been enabled.'), t('Session'));
$this->assertTrue(drupal_save_session(), t('drupal_save_session() correctly returns TRUE when initially called with no arguments.'), t('Session'));
$this->assertFalse(drupal_save_session(FALSE), t('drupal_save_session() correctly returns FALSE when called with FALSE.'), t('Session'));
$this->assertFalse(drupal_save_session(), t('drupal_save_session() correctly returns FALSE when saving has been disabled.'), t('Session'));
$this->assertTrue(drupal_save_session(TRUE), t('drupal_save_session() correctly returns TRUE when called with TRUE.'), t('Session'));
$this->assertTrue(drupal_save_session(), t('drupal_save_session() correctly returns TRUE when saving has been enabled.'), t('Session'));
}
/**
* Test data persistence via the session_test module callbacks. Also tests
* sess_count() since session data is already generated here.
* drupal_session_count() since session data is already generated here.
*/
function testDataPersistence() {
$user = $this->drupalCreateUser(array('access content'));
......@@ -54,13 +54,13 @@ class SessionTestCase extends DrupalWebTestCase {
$this->drupalGet('session-test/get');
$this->assertText($value_1, t('Session correctly returned the stored data for an authenticated user.'), t('Session'));
// Attempt to write over val_1. If session_save_session(FALSE) is working.
// Attempt to write over val_1. If drupal_save_session(FALSE) is working.
// properly, val_1 will still be set.
$value_2 = $this->randomName();
$this->drupalGet('session-test/no-set/' . $value_2);
$this->assertText($value_2, t('The session value was correctly passed to session-test/no-set.'), t('Session'));
$this->drupalGet('session-test/get');
$this->assertText($value_1, t('Session data is not saved for session_save_session(FALSE).'), t('Session'));
$this->assertText($value_1, t('Session data is not saved for drupal_save_session(FALSE).'), t('Session'));
// Switch browser cookie to anonymous user, then back to user 1.
$this->sessionReset();
......@@ -85,7 +85,7 @@ class SessionTestCase extends DrupalWebTestCase {
$this->drupalGet('session-test/no-set/' . $value_4);
$this->assertText($value_4, t('The session value was correctly passed to session-test/no-set.'), t('Session'));
$this->drupalGet('session-test/get');
$this->assertText($value_3, t('Session data is not saved for session_save_session(FALSE).'), t('Session'));
$this->assertText($value_3, t('Session data is not saved for drupal_save_session(FALSE).'), t('Session'));
// Logout and get first user back in. Sessions shouldn't persist through
// logout, so the data won't be on the page.
......@@ -100,10 +100,10 @@ class SessionTestCase extends DrupalWebTestCase {
$this->drupalLogin($user2);
$this->session_count_authenticated = $this->session_count++;
// Perform sess_count tests here in order to use the session data already generated.
// Perform drupal_session_count tests here in order to use the session data already generated.
// Test absolute count.
$anonymous = sess_count(0, TRUE);
$authenticated = sess_count(0, FALSE);
$anonymous = drupal_session_count(0, TRUE);
$authenticated = drupal_session_count(0, FALSE);
$this->assertEqual($anonymous + $authenticated, $this->session_count, t('Correctly counted @count total sessions.', array('@count' => $this->session_count)), t('Session'));
// Test anonymous count.
......@@ -113,7 +113,7 @@ class SessionTestCase extends DrupalWebTestCase {
$this->assertEqual($authenticated, $this->session_count_authenticated, t('Correctly counted @count authenticated sessions.', array('@count' => $authenticated)), t('Session'));
// Should return 0 sessions from 1 second from now.
$this->assertEqual(sess_count(time() + 1), 0, t('Correctly returned 0 sessions newer than the current time.'), t('Session'));
$this->assertEqual(drupal_session_count(time() + 1), 0, t('Correctly returned 0 sessions newer than the current time.'), t('Session'));
}
......
......@@ -49,7 +49,7 @@ function _session_test_set($value) {
* anyway.
*/
function _session_test_no_set($value) {
session_save_session(FALSE);
drupal_save_session(FALSE);
_session_test_set($value);
return t('session saving was disabled, and then %val was set', array('%val' => $value));
}
......@@ -277,14 +277,14 @@ function user_save($account, $edit = array(), $category = 'account') {
// Delete a blocked user's sessions to kick them if they are online.
if (isset($edit['status']) && $edit['status'] == 0) {
sess_destroy_uid($account->uid);
drupal_session_destroy_uid($account->uid);
}
// If the password changed, delete all open sessions and recreate
// the current one.
if (!empty($edit['pass'])) {
sess_destroy_uid($account->uid);
sess_regenerate();
drupal_session_destroy_uid($account->uid);
drupal_session_regenerate();
}
// Refresh user object.
......@@ -792,7 +792,7 @@ function user_block($op = 'list', $delta = '', $edit = array()) {
// Perform database queries to gather online user lists. We use s.timestamp
// rather than u.access because it is much faster.
$anonymous_count = sess_count($interval);
$anonymous_count = drupal_session_count($interval);
$authenticated_users = db_query('SELECT DISTINCT u.uid, u.name, s.timestamp FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.timestamp >= %d AND s.uid > 0 ORDER BY s.timestamp DESC', $interval);
$authenticated_count = 0;
$max_users = variable_get('user_block_max_list_count', 10);
......@@ -1344,7 +1344,7 @@ function user_authenticate_finalize(&$edit) {
$user->login = $_SERVER['REQUEST_TIME'];
db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid);
user_module_invoke('login', $edit, $user);
sess_regenerate();
drupal_session_regenerate();
}
/**
......@@ -1555,7 +1555,7 @@ function _user_edit_submit($uid, &$edit) {
*/
function user_delete($edit, $uid) {
$account = user_load(array('uid' => $uid));
sess_destroy_uid($uid);
drupal_session_destroy_uid($uid);
_user_mail_notify('status_deleted', $account);
module_invoke_all('user', 'delete', $edit, $account);
db_query('DELETE FROM {users} WHERE uid = %d', $uid);
......@@ -2210,7 +2210,7 @@ function user_block_user_action(&$object, $context = array()) {
$uid = $user->uid;
}
db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $uid);
sess_destroy_uid($uid);
drupal_session_destroy_uid($uid);
watchdog('action', 'Blocked user %name.', array('%name' => check_plain($user->name)));
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment