Shulou(Shulou.com)06/03 Report--

This article mainly explains "what is the CI framework Session.php source code", the article explains the content is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in depth, together to study and learn "what is the CI framework Session.php source code" bar!

The Session of CI is not the native session, but all the cookie based session in front of me. In addition, CI can configure whether or not to store session in the database according to the user's choice. I like this feature very much, and there is the function of "flash data". Since the flash data is only available for the next server request, it will be automatically cleared. Common usage methods are:

$this- > session- > set_userdata ('some_name',' some_value'); / / set session data

$this- > session- > userdata ('item'); / / get session data

$this- > session- > unset_userdata ('some_name'); / / Delete session data

$this- > session- > sess_destroy (); / / destroy session data

$this- > session- > set_flashdata ('item',' value'); / / set flash data

$this- > session- > flashdata ('item'); / / get flash data

$this- > session- > keep_flashdata ('item'); / / retain flash data

The copy code is as follows:

/ * *

* CI is session based cookie

, /

Class CI_Session {

Var $sess_encrypt_cookie = FALSE; / / whether to encrypt session

Var $sess_use_database = FALSE; / / whether to store session in the database

Var $sess_table_name =''; / / session the name of the table in which the data is stored

Var $sess_expiration = 7200; / / Expiration time of session

Var $sess_expire_on_close = FALSE; / / whether to automatically expire session when the browser window is closed

Var $sess_match_ip = whether FALSE;// reads session data through the user's IP address

Var $sess_match_useragent = TRUE; / / whether to read session data according to the corresponding User Agent.

Var $sess_cookie_name = 'ci_session'; / / cookie name

Var $cookie_prefix =''; / / cookie prefix

Var $cookie_path =''; / / cookie path

Var $cookie_domain =''; / / cookie scope

Var $cookie_secure = FALSE; / / whether it is valid under the secure https protocol

Var $sess_time_to_update = 300; / / how often is session cookie updated

Var $encryption_key =''; / / encrypt key

Var $flashdata_key = 'flash'

Var $time_reference = 'time'

Var $gc_probability = 5; / / ability to recycle session

Var $userdata = array (); / / user session data save variables

Var $CI; / / CI super handle

Var $now; / / current time

Public function _ construct ($params = array ())

{

Log_message ('debug', "Session Class Initialized")

/ / get the CI superclass

$this- > CI = & get_instance ()

/ / get the configuration data in config file

Foreach (array ('sess_encrypt_cookie',' sess_use_database', 'sess_table_name',' sess_expiration', 'sess_expire_on_close',' sess_match_ip', 'sess_match_useragent',' sess_cookie_name', 'cookie_path',' cookie_domain', 'cookie_secure',' sess_time_to_update', 'time_reference',' cookie_prefix', 'encryption_key') as $key)

{

$this- > $key = (isset ($params [$key])? $params [$key]: $this- > CI- > config- > item ($key)

}

/ / encryption_key must be set

If ($this- > encryption_key ='')

{

Show_error ('In order to use the Session class you are required to set an encryption key in your config file.')

}

/ / load string helper function

$this- > CI- > load- > helper ('string')

/ / if the cookie is encrypted, the encryption class is introduced

If ($this- > sess_encrypt_cookie = = TRUE)

{

$this- > CI- > load- > library ('encrypt')

}

/ / if session is included in the database, db is introduced.

If ($this- > sess_use_database = TRUE AND $this- > sess_table_name! ='')

{

$this- > CI- > load- > database ()

}

/ / get the current time

$this- > now = $this- > _ get_time ()

/ / if the validity period of session is not set, the default is two years.

If ($this- > sess_expiration = = 0)

{

$this- > sess_expiration = (60,60,24,365)

}

/ / get the cookie name

$this- > sess_cookie_name = $this- > cookie_prefix.$this- > sess_cookie_name

/ / if session does not exist, create a new session

If (! $this- > sess_read ())

{

$this- > sess_create ()

}

Else

{

$this- > sess_update ()

}

/ / flashes the flash data marked old

$this- > _ flashdata_sweep ()

/ / data that marks new flash data as old marked old will flash on the next request

$this- > _ flashdata_mark ()

/ / Recycle / delete expired session

$this- > _ sess_gc ()

Log_message ('debug', "Session routines successfully run")

}

/ /-

/ * *

* read session data

, /

Function sess_read ()

{

/ / obtain session

$session = $this- > CI- > input- > cookie ($this- > sess_cookie_name)

/ / No session. Bye.

If ($session = FALSE)

{

Log_message ('debug',' A session cookie was not found.')

Return FALSE

}

/ / if cookie is encrypted

If ($this- > sess_encrypt_cookie = = TRUE)

{

$session = $this- > CI- > encrypt- > decode ($session)

}

Else

{

/ / encryption was not used, so we need to check the md5 hash

$hash = substr ($session, strlen ($session)-32); / / get last 32 chars

$session = substr ($session, 0, strlen ($session)-32)

/ / Does the md5 hash match? This is to prevent manipulation of session data in userspace

If ($hash! = = md5 ($session.$this- > encryption_key))

{

Log_message ('error',' The session cookie data did not match what was expected. This could be a possible hacking attempt.')

$this- > sess_destroy ()

Return FALSE

}

}

/ / deserialize the session array stored in cookie

$session = $this- > _ unserialize ($session)

/ / detect the data of session

If (! Is_array ($session) OR! Isset ($session ['session_id']) OR! Isset ($session ['ip_address']) OR! Isset ($session ['user_agent']) OR! Isset ($session ['last_activity']))

{

$this- > sess_destroy ()

Return FALSE

}

/ / is session data out of date?

If (($session ['last_activity'] + $this- > sess_expiration)

< $this->

Now)

{

$this- > sess_destroy ()

Return FALSE

}

/ / whether the session data is read according to the user ip

If ($this- > sess_match_ip = = TRUE AND $session ['ip_address']! = $this- > CI- > input- > ip_address ())

{

$this- > sess_destroy ()

Return FALSE

}

/ / whether to match session data according to ua

If ($this- > sess_match_useragent = = TRUE AND trim ($session ['user_agent'])! = trim (substr ($this- > CI- > input- > user_agent (), 0120)

{

$this- > sess_destroy ()

Return FALSE

}

/ / if the session is stored in the database, this method should be more secure. Of course, when the load is heavy, it is not recommended. The database is under great pressure to read and write.

If ($this- > sess_use_database = TRUE)

{

$this- > CI- > db- > where ('session_id', $session [' session_id'])

If ($this- > sess_match_ip = = TRUE)

{

$this- > CI- > db- > where ('ip_address', $session [' ip_address'])

}

If ($this- > sess_match_useragent = = TRUE)

{

$this- > CI- > db- > where ('user_agent', $session [' user_agent'])

}

$query = $this- > CI- > db- > get ($this- > sess_table_name)

/ / No result? Kill it!

If ($query- > num_rows () = = 0)

{

$this- > sess_destroy ()

Return FALSE

}

/ / Is there custom data? If so, add it to the main session array

$row = $query- > row ()

If (isset ($row- > user_data) AND $row- > user_data! ='')

{

$custom_data = $this- > _ unserialize ($row- > user_data)

If (is_array ($custom_data))

{

Foreach ($custom_data as $key = > $val)

{

$session [$key] = $val

}

}

}

}

/ / Session is valid!

$this- > userdata = $session

Unset ($session)

Return TRUE

}

/ /-

/ * *

* write read session data to

, /

Function sess_write ()

{

/ / whether to write db or not

If ($this- > sess_use_database = FALSE)

{

$this- > _ set_cookie ()

Return

}

/ / set the custom userdata, the session data we will set in a second

$custom_userdata = $this- > userdata

$cookie_userdata = array ()

/ / Before continuing, we need to determine if there is any custom data to deal with.

/ / Let's determine this by removing the default indexes to see if there's anything left in the array

/ / and set the session data while we're at it

Foreach (array ('session_id','ip_address','user_agent','last_activity') as $val)

{

Unset ($custom_userdata [$val])

$cookie_userdata [$val] = $this- > userdata [$val]

}

/ / Did we find any custom data? If not, we turn the empty array into a string

/ / since there's no reason to serialize and store an empty array in the DB

If (count ($custom_userdata) = = 0)

{

$custom_userdata =''

}

Else

{

/ / Serialize the custom data array so we can store it

$custom_userdata = $this- > _ serialize ($custom_userdata)

}

/ / Update session record

$this- > CI- > db- > where ('session_id', $this- > userdata [' session_id'])

$this- > CI- > db- > update ($this- > sess_table_name, array ('last_activity' = > $this- > userdata [' last_activity'], 'user_data' = > $custom_userdata))

/ / Write the cookie. Notice that we manually pass the cookie data array to the

/ _ set_cookie () function. Normally that function will store $this- > userdata, but

/ / in this case that array contains custom data, which we do not want in the cookie.

$this- > _ set_cookie ($cookie_userdata)

}

/ /-

/ * *

* create a new session

, /

Function sess_create ()

{

/ / ensure the security and uniqueness of sessid

$sessid =''

While (strlen ($sessid)

< 32) { $sessid .= mt_rand(0, mt_getrandmax()); } $sessid .= $this->

CI- > input- > ip_address ()

$this- > userdata = array (

'session_id' = > md5 (uniqid ($sessid, TRUE))

'ip_address' = > $this- > CI- > input- > ip_address ()

'user_agent' = > substr ($this- > CI- > input- > user_agent (), 0120)

'last_activity' = > $this- > now

'user_data' = >''

);

/ / Save the data to the DB if needed

If ($this- > sess_use_database = TRUE)

{

$this- > CI- > db- > query ($this- > CI- > db- > insert_string ($this- > sess_table_name, $this- > userdata))

}

/ / Write the cookie

$this- > _ set_cookie ()

}

/ /-

/ * *

* Update session

, /

Function sess_update ()

{

/ / five-minute update by default

If (($this- > userdata ['last_activity'] + $this- > sess_time_to_update) > = $this- > now)

{

Return

}

/ / Save the old session id so we know which record to

/ / update in the database if we need it

$old_sessid = $this- > userdata ['session_id']

$new_sessid =''

While (strlen ($new_sessid)

< 32) { $new_sessid .= mt_rand(0, mt_getrandmax()); } // To make the session ID even more secure we'll combine it with the user's IP $new_sessid .= $this->

CI- > input- > ip_address ()

/ / Turn it into a hash

$new_sessid = md5 (uniqid ($new_sessid, TRUE))

/ / Update the session data in the session data array

$this- > userdata ['session_id'] = $new_sessid

$this- > userdata ['last_activity'] = $this- > now

/ / _ set_cookie () will handle this for us if we aren't using database sessions

/ / by pushing all userdata to the cookie.

$cookie_data = NULL

/ / update the probability in the database

If ($this- > sess_use_database = TRUE)

{

/ / set cookie explicitly to only have our session data

$cookie_data = array ()

Foreach (array ('session_id','ip_address','user_agent','last_activity') as $val)

{

$cookie_data [$val] = $this- > userdata [$val]

}

$this- > CI- > db- > query ($this- > CI- > db- > update_string ($this- > sess_table_name, array ('last_activity' = > $this- > now,' session_id' = > $new_sessid), array ('session_id' = > $old_sessid)

}

/ / rewrite session

$this- > _ set_cookie ($cookie_data)

}

/ /-

/ * *

* destroy all current session data

, /

Function sess_destroy ()

{

/ / Kill the session DB row

If ($this- > sess_use_database = = TRUE & & isset ($this- > userdata ['session_id']))

{

$this- > CI- > db- > where ('session_id', $this- > userdata [' session_id'])

$this- > CI- > db- > delete ($this- > sess_table_name)

}

/ / Kill the cookie

Setcookie (

$this- > sess_cookie_name

Addslashes (serialize (array ()

($this- > now-31500000)

$this- > cookie_path

$this- > cookie_domain

0

);

/ / Kill session data

$this- > userdata = array ()

}

/ /-

/ * *

* get the value of the specified element in the session array

, /

Function userdata ($item)

{

Return (! Isset ($this- > userdata [$item])? FALSE: $this- > userdata [$item]

}

/ /-

/ * *

* get all session data

, /

Function all_userdata ()

{

Return $this- > userdata

}

/ /-

/ * *

* add and modify custom session data

, /

Function set_userdata ($newdata = array (), $newval ='')

{

If (is_string ($newdata))

{

$newdata = array ($newdata = > $newval)

}

/ / support array combination

If (count ($newdata) > 0)

{

Foreach ($newdata as $key = > $val)

{

$this- > userdata [$key] = $val

}

}

$this- > sess_write ()

}

/ /-

/ * *

* remove elements from the session array

, /

Function unset_userdata ($newdata = array ())

{

If (is_string ($newdata))

{

$newdata = array ($newdata = >'')

}

If (count ($newdata) > 0)

{

Foreach ($newdata as $key = > $val)

{

Unset ($this- > userdata [$key])

}

}

$this- > sess_write ()

}

/ /-

/ * *

* Add or change flashdata, only available

* until the next request

*

* @ access public

* @ param mixed

* @ param string

* @ return void

, /

Function set_flashdata ($newdata = array (), $newval ='')

{

If (is_string ($newdata))

{

$newdata = array ($newdata = > $newval)

}

If (count ($newdata) > 0)

{

Foreach ($newdata as $key = > $val)

{

$flashdata_key = $this- > flashdata_key.':new:'.$key

$this- > set_userdata ($flashdata_key, $val)

}

}

}

/ /-

/ * *

* CI supports flash data, that is, Session data is only available for the next server request, sometimes if you want the request to be valid after the next request.

* the keep_flashdata function is to keep flashing data continuously and make it valid in the next request.

, /

Function keep_flashdata ($key)

{

/ / Mark the flash data as new

$old_flashdata_key = $this- > flashdata_key.':old:'.$key

$value = $this- > userdata ($old_flashdata_key)

$new_flashdata_key = $this- > flashdata_key.':new:'.$key

$this- > set_userdata ($new_flashdata_key, $value)

}

/ /-

/ * *

* obtain flash data

, /

Function flashdata ($key)

{

$flashdata_key = $this- > flashdata_key.':old:'.$key

Return $this- > userdata ($flashdata_key)

}

/ /-

/ * *

* Mark the flash data as old so that _ flashdata_sweep can clear the data

, /

Function _ flashdata_mark ()

{

$userdata = $this- > all_userdata ()

Foreach ($userdata as $name = > $value)

{

$parts = explode (': new:', $name)

If (is_array ($parts) & & count ($parts) = = 2)

{

$new_name = $this- > flashdata_key.':old:'.$parts [1]

$this- > set_userdata ($new_name, $value)

$this- > unset_userdata ($name)

}

}

}

/ /-

/ * *

* flash the flash data marked as old

, /

Function _ flashdata_sweep ()

{

$userdata = $this- > all_userdata ()

Foreach ($userdata as $key = > $value)

{

If (strpos ($key,': old:'))

{

$this- > unset_userdata ($key)

}

}

}

/ / get the current time

Function _ get_time ()

{

If (strtolower ($this- > time_reference) = = 'gmt')

{

$now = time ()

$time = mktime (gmdate ("H", $now), gmdate ("I", $now), gmdate ("s", $now), gmdate ("m", $now), gmdate ("d", $now), gmdate ("Y", $now))

}

Else

{

$time = time ()

}

Return $time

}

/ /-

/ * *

* write to session cookie

*

, /

Function _ set_cookie ($cookie_data = NULL)

{

If (is_null ($cookie_data))

{

$cookie_data = $this- > userdata

}

/ / serialize the array

$cookie_data = $this- > _ serialize ($cookie_data)

/ / encrypt data

If ($this- > sess_encrypt_cookie = = TRUE)

{

$cookie_data = $this- > CI- > encrypt- > encode ($cookie_data)

}

Else

{

/ / if encryption is not used, we provide an md5 hash to prevent userside tampering

$cookie_data = $cookie_data.md5 ($cookie_data.$this- > encryption_key)

}

/ / if sess_expire_on_close is TRUE, browser is closed and session is invalid

$expire = ($this- > sess_expire_on_close = TRUE)? 0: $this- > sess_expiration + time ()

/ / Set the cookie

Setcookie (

$this- > sess_cookie_name

$cookie_data

$expire

$this- > cookie_path

$this- > cookie_domain

$this- > cookie_secure

);

}

/ /-

/ * *

* serialize the array

, /

Function _ serialize ($data)

{

If (is_array ($data))

{

Foreach ($data as $key = > $val)

{

If (is_string ($val))

{

$data [$key] = str_replace ('\\','{slash}}', $val)

}

}

}

Else

{

If (is_string ($data))

{

$data = str_replace ('\','{slash}}', $data)

}

}

Return serialize ($data)

}

/ /-

/ * *

* deserialize the array

, /

Function _ unserialize ($data)

{

$data = @ unserialize (strip_slashes ($data))

If (is_array ($data))

{

Foreach ($data as $key = > $val)

{

If (is_string ($val))

{

$data [$key] = str_replace ('{slash}}','\\', $val)

}

}

Return $data

}

Return (is_string ($data)? Str_replace ('{slash}}','\\', $data): $data

}

/ /-

/ * *

* retrieve / delete invalid session information in the database

, /

Function _ sess_gc ()

{

If ($this- > sess_use_database! = TRUE)

{

Return

}

Srand (time ())

If ((rand () 100)

< $this->

Gc_probability)

{

$expire = $this- > now-$this- > sess_expiration

$this- > CI- > db- > where ("last_activity

< {$expire}"); $this->

CI- > db- > delete ($this- > sess_table_name)

Log_message ('debug',' Session garbage collection performed.')

}

}

}

Thank you for reading, the above is the content of "what is the CI framework Session.php source code", after the study of this article, I believe you have a deeper understanding of what is the CI framework Session.php source code, the specific use of the situation also needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.