Chris@0: <?php
Chris@0: 
Chris@0: namespace Drupal\Core\Session;
Chris@0: 
Chris@0: use Drupal\Component\Utility\Crypt;
Chris@0: use Drupal\Core\Database\Connection;
Chris@0: use Drupal\Core\DependencyInjection\DependencySerializationTrait;
Chris@0: use Drupal\Core\Utility\Error;
Chris@0: use Symfony\Component\HttpFoundation\RequestStack;
Chris@0: use Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy;
Chris@0: 
Chris@0: /**
Chris@0:  * Default session handler.
Chris@0:  */
Chris@0: class SessionHandler extends AbstractProxy implements \SessionHandlerInterface {
Chris@0: 
Chris@0:   use DependencySerializationTrait;
Chris@0: 
Chris@0:   /**
Chris@0:    * The request stack.
Chris@0:    *
Chris@0:    * @var \Symfony\Component\HttpFoundation\RequestStack
Chris@0:    */
Chris@0:   protected $requestStack;
Chris@0: 
Chris@0:   /**
Chris@0:    * The database connection.
Chris@0:    *
Chris@0:    * @var \Drupal\Core\Database\Connection
Chris@0:    */
Chris@0:   protected $connection;
Chris@0: 
Chris@0:   /**
Chris@0:    * Constructs a new SessionHandler instance.
Chris@0:    *
Chris@0:    * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
Chris@0:    *   The request stack.
Chris@0:    * @param \Drupal\Core\Database\Connection $connection
Chris@0:    *   The database connection.
Chris@0:    */
Chris@0:   public function __construct(RequestStack $request_stack, Connection $connection) {
Chris@0:     $this->requestStack = $request_stack;
Chris@0:     $this->connection = $connection;
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function open($save_path, $name) {
Chris@0:     return TRUE;
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function read($sid) {
Chris@0:     $data = '';
Chris@0:     if (!empty($sid)) {
Chris@0:       // Read the session data from the database.
Chris@0:       $query = $this->connection
Chris@0:         ->queryRange('SELECT session FROM {sessions} WHERE sid = :sid', 0, 1, [':sid' => Crypt::hashBase64($sid)]);
Chris@0:       $data = (string) $query->fetchField();
Chris@0:     }
Chris@0:     return $data;
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function write($sid, $value) {
Chris@0:     // The exception handler is not active at this point, so we need to do it
Chris@0:     // manually.
Chris@0:     try {
Chris@0:       $request = $this->requestStack->getCurrentRequest();
Chris@0:       $fields = [
Chris@0:         'uid' => $request->getSession()->get('uid', 0),
Chris@0:         'hostname' => $request->getClientIP(),
Chris@0:         'session' => $value,
Chris@0:         'timestamp' => REQUEST_TIME,
Chris@0:       ];
Chris@0:       $this->connection->merge('sessions')
Chris@0:         ->keys(['sid' => Crypt::hashBase64($sid)])
Chris@0:         ->fields($fields)
Chris@0:         ->execute();
Chris@0:       return TRUE;
Chris@0:     }
Chris@0:     catch (\Exception $exception) {
Chris@0:       require_once DRUPAL_ROOT . '/core/includes/errors.inc';
Chris@0:       // If we are displaying errors, then do so with no possibility of a
Chris@0:       // further uncaught exception being thrown.
Chris@0:       if (error_displayable()) {
Chris@0:         print '<h1>Uncaught exception thrown in session handler.</h1>';
Chris@0:         print '<p>' . Error::renderExceptionSafe($exception) . '</p><hr />';
Chris@0:       }
Chris@0:       return FALSE;
Chris@0:     }
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function close() {
Chris@0:     return TRUE;
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function destroy($sid) {
Chris@0:     // Delete session data.
Chris@0:     $this->connection->delete('sessions')
Chris@0:       ->condition('sid', Crypt::hashBase64($sid))
Chris@0:       ->execute();
Chris@0: 
Chris@0:     return TRUE;
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function gc($lifetime) {
Chris@0:     // Be sure to adjust 'php_value session.gc_maxlifetime' to a large enough
Chris@0:     // value. For example, if you want user sessions to stay in your database
Chris@0:     // for three weeks before deleting them, you need to set gc_maxlifetime
Chris@0:     // to '1814400'. At that value, only after a user doesn't log in after
Chris@0:     // three weeks (1814400 seconds) will his/her session be removed.
Chris@0:     $this->connection->delete('sessions')
Chris@0:       ->condition('timestamp', REQUEST_TIME - $lifetime, '<')
Chris@0:       ->execute();
Chris@0:     return TRUE;
Chris@0:   }
Chris@0: 
Chris@0: }