Arbit - project tracking

API documentation :: Docs For Class arbitSession

Core::arbitSession

Class arbitSession

Arbit session wrapper

We use a wrapper around PHP's well-working and abstracted session functions, because we want to additionally offer the following:

  • User-transparent separation of project-dependent session data, by maintaining custom arrays for values.
  • Value checking and read-only values for selected session keys.
  • Unified session access logging and profiling.
  • Simple helper functions for form token generation and validation inside the main session.

Author(s):
Version:   $Revision: 1692 $
License:   GPL

Member Variables

protected static arbitSessionBackend $backend
Currently used session backend

protected static array $project
Currently selected project, defining the currently used session value namespace.

protected static arbitRequest $request
Currently executed request, available for application wide read access of the current request context.

protected static boolean $writeable
Flag if the session currently is (still) writeable.

Method Summary

protected static void checkClientHash( )
Ensure client hash stays the same. This method will throw an exception if it notices a session takeover.
public static bool checkToken( $token )
Check one-time token. Check if the given one-time token is valid and return the validation state. Valid tokens will be removed from the list, so that they may not be reused, and even a second call to this function will not return true any more.
public static void close( )
Close current session. Close the current session for writing, so that other requests are not locked.
protected static void generateFormToken( )
Generate new one-time token. Generate a new one-time token, which can be used by all forms during the current request. Ensures that not too many one-time tokens are stored in the session.
public static mixed get( $key )
Get session value.
public static arbitRequest getCurrentRequest( )
Get currently selected request. The currently executed request, available for application-wide read access to the current request context.
public static string getFormToken( )
Get one-time form token. Generate a one-time token for input forms, so that they cannot be resubmitted. The returned "random" token is stored in the session and can only be used one time to validate form contents against it.
public static mixed getGlobal( $key )
Get global session key value. Get the value of a global session key. These session keys are project independent, and should commonly not be used.
public static void initialize( $request )
Initialize session from currently selected project. This method may throw an arbitSessionTakeOverException if a session takeover is detected.
public static bool login( $user )
Login a user in the current project
public static void logout( )
Logout a user in the current project
public static bool may( $permission )
Checks if user has proper rights for some action. Checks if the current user has the permissions for the requested privilege.
protected static void regenerateId( )
Method to regenerate session ID. Performs additional checks to work in the test environment, and may check for strange circumstances.
public static void remove( $key )
Remove a session variable. Remove a value completely from the session.
protected static void resetSession( )
Reset the session. Reset the current session by assigning only the permissions for anonymous users and resetting the login state.
public static mixed set( $key , $value )
Set session value.
public static void setBackend( $backend )
Set session backend. Configure the session backend to use.
public static mixed setGlobal( $key , $value )
Set global session key value. Set the value of a global session key. These session keys are project independent, and should commonly not be used.

Methods

checkClientHash

static void checkClientHash( )

Ensure client hash stays the same. This method will throw an exception if it notices a session takeover. The check is based only on the user-agent string, and may be considered too weak.
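
A sketch of a user-agent based client hash check of the kind described above. This is an added example, not Arbit's code: the function names, the exception class and the 'clientHash' session key are assumptions, and the request data is constructed.

```php
<?php
// Added example, not Arbit's code. All names here are hypothetical.
class ExampleSessionTakeOverException extends RuntimeException {}

/** Derive the fingerprint from the User-Agent header only, as described. */
function exampleClientHash(array $server): string
{
    $agent = isset($server['HTTP_USER_AGENT']) ? $server['HTTP_USER_AGENT'] : '';
    return hash('sha256', $agent);
}

/** Record the hash on first use; throw if a later request differs. */
function exampleCheckClientHash(array &$session, array $server): void
{
    $current = exampleClientHash($server);
    if (!isset($session['clientHash'])) {
        $session['clientHash'] = $current;
        return;
    }
    if (!hash_equals($session['clientHash'], $current)) {
        throw new ExampleSessionTakeOverException('Client hash changed');
    }
}

// Constructed requests standing in for $_SESSION and $_SERVER.
$session = array();
$browser = array('HTTP_USER_AGENT' => 'ExampleBrowser/1.0 (constructed)');
$other   = array('HTTP_USER_AGENT' => 'OtherClient/2.0 (constructed)');

exampleCheckClientHash($session, $browser); // first request: hash is recorded
exampleCheckClientHash($session, $browser); // same header: accepted
try {
    exampleCheckClientHash($session, $other); // different header: rejected
} catch (ExampleSessionTakeOverException $e) {
    $session = array(); // drop all state, as a reset to anonymous would
    echo "takeover suspected: ", $e->getMessage(), "\n";
}
// The header is client-supplied, so any request repeating the same
// User-Agent passes; the check only notices a changed browser string.
```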

checkToken

static bool checkToken( string $token )

Check one-time token. Check if the given one-time token is valid and return the validation state. Valid tokens will be removed from the list, so that they may not be reused, and even a second call to this function will not return true any more.

Parameters:
Name Type Description
$token string

close

static void close( )

Close current session. Close the current session for writing, so that other requests are not locked.

generateFormToken

static void generateFormToken( )

Generate new one-time token. Generate a new one-time token, which can be used by all forms during the current request. Ensures that not too many one-time tokens are stored in the session. This might break submitting forms which are kept open in the browser while surfing the website in another window / tab.

get

static mixed get( string $key )

Get session value.

Parameters:
Name Type Description
$key string

getCurrentRequest

static arbitRequest getCurrentRequest( )

Get currently selected request. The currently executed request, available for application-wide read access to the current request context.

getFormToken

static string getFormToken( )

Get one-time form token. Generate a one-time token for input forms, so that they cannot be resubmitted. The returned "random" token is stored in the session and can only be used one time to validate form contents against it.
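
The one-time token lifecycle described for getFormToken, checkToken and generateFormToken, as an added example that is not Arbit's implementation. The class name, the 'formTokens' key, the cap of 8 and oldest-first eviction are assumptions; the session array is a constructed stand-in for $_SESSION.

```php
<?php
// Added example, not Arbit's code; names and MAX_TOKENS are assumptions.
final class FormTokenStore
{
    const MAX_TOKENS = 8; // assumed cap; the page does not give Arbit's limit
    private $session;     // session-like array, held by reference

    public function __construct(array &$session)
    {
        $this->session = &$session;
        if (!isset($this->session['formTokens'])) {
            $this->session['formTokens'] = array();
        }
    }

    /** Issue a new token and evict the oldest ones beyond the cap. */
    public function issue(): string
    {
        $token = bin2hex(random_bytes(32)); // CSPRNG, PHP >= 7
        $this->session['formTokens'][] = $token;
        // Forms still holding an evicted token will fail validation: the
        // open-tab caveat noted for generateFormToken.
        $this->session['formTokens'] = array_slice(
            $this->session['formTokens'], -self::MAX_TOKENS
        );
        return $token;
    }

    /** Validate and consume: a token is accepted at most once. */
    public function check(string $token): bool
    {
        foreach ($this->session['formTokens'] as $i => $stored) {
            if (hash_equals($stored, $token)) { // constant-time comparison
                unset($this->session['formTokens'][$i]);
                return true;
            }
        }
        return false;
    }
}

$session = array(); // constructed stand-in for $_SESSION
$store   = new FormTokenStore($session);
$token   = $store->issue();
var_dump($store->check($token)); // first submission of the form
var_dump($store->check($token)); // resubmission of the same token
$stale = $store->issue();
for ($i = 0; $i < FormTokenStore::MAX_TOKENS; $i++) { $store->issue(); }
var_dump($store->check($stale)); // token from a form left open too long
```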

getGlobal

static mixed getGlobal( string $key )

Get global session key value. Get the value of a global session key. These session keys are project independent, and should commonly not be used.

Parameters:
Name Type Description
$key string

initialize

static void initialize( arbitRequest $request )

Initialize session from currently selected project. This method may throw an arbitSessionTakeOverException if a session takeover is detected.

Parameters:
Name Type Description
$request arbitRequest

login

static bool login( arbitModelUser $user )

Login a user in the current project

Parameters:
Name Type Description
$user arbitModelUser

logout

static void logout( )

Logout a user in the current project

may

static bool may( string $permission )

Checks if user has proper rights for some action. Checks if the current user has the permissions for the requested privilege.

Parameters:
Name Type Description
$permission string

regenerateId

static void regenerateId( )

Method to regenerate session ID. Performs additional checks to work in the test environment, and may check for strange circumstances.

remove

static void remove( string $key )

Remove a session variable. Remove a value completely from the session.

Parameters:
Name Type Description
$key string

resetSession

static void resetSession( )

Reset the session. Reset the current session by assigning only the permissions for anonymous users and resetting the login state.

set

static mixed set( string $key , mixed $value )

Set session value. Set the session value and return the set value to enable fluent interfaces. The method may implement value checks for some values in the future.

Parameters:
Name Type Description
$key string
$value mixed

setBackend

static void setBackend( arbitSessionBackend $backend )

Set session backend. Configure the session backend to use.

Parameters:
Name Type Description
$backend arbitSessionBackend

setGlobal

static mixed setGlobal( string $key , mixed $value )

Set global session key value. Set the value of a global session key. These session keys are project independent, and should commonly not be used. Returns the set value.

Parameters:
Name Type Description
$key string
$value mixed
Documentation generated on Mon, 05 Apr 2010 14:02:17 +0200 by phpDocumentor 1.4.3