view core/lib/Drupal/Core/Session/SessionConfigurationInterface.php @ 13:5fb285c0d0e3

Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've been lucky to get away with this so far, as we don't support self-registration which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5 was vulnerable to.
author Chris Cannam
date Mon, 23 Apr 2018 09:33:26 +0100
parents 4c8ae668cc8c
children
line wrap: on
line source
<?php

namespace Drupal\Core\Session;

use Symfony\Component\HttpFoundation\Request;

/**
 * Defines an interface for session configuration generators.
 */
interface SessionConfigurationInterface {

  /**
   * Determines whether a session identifier is on the request.
   *
   * This method detects whether a session was started during one of the
   * previous requests from the same user agent. Session identifiers are
   * normally passed along using cookies and hence a typical implementation
   * checks whether the session cookie is on the request.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The request.
   *
   * @return bool
   *   TRUE if there is a session identifier on the request.
   */
  public function hasSession(Request $request);

  /**
   * Returns a list of options suitable for passing to the session storage.
   *
   * @see \Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage::__construct()
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The request.
   *
   * @return array
   *   An associative array of session ini settings.
   */
  public function getOptions(Request $request);

}