Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.
   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * File based session handler.
  19   *
  20   * @package    core
  21   * @copyright  2013 Petr Skoda {@link http://skodak.org}
  22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  namespace core\session;
  26  
  27  defined('MOODLE_INTERNAL') || die();
  28  
  29  /**
  30   * File based session handler.
  31   *
  32   * @package    core
  33   * @copyright  2013 Petr Skoda {@link http://skodak.org}
  34   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  35   */
  36  class file extends handler {
  37      /** @var string session dir */
  38      protected $sessiondir;
  39  
  40      /**
  41       * Create new instance of handler.
  42       */
  43      public function __construct() {
  44          global $CFG;
  45  
  46          if (!empty($CFG->session_file_save_path)) {
  47              $this->sessiondir = $CFG->session_file_save_path;
  48          } else {
  49              $this->sessiondir = "$CFG->dataroot/sessions";
  50          }
  51      }
  52  
  53      /**
  54       * Init session handler.
  55       */
  56      public function init() {
  57          if (preg_match('/^[0-9]+;/', $this->sessiondir)) {
  58              throw new exception('sessionhandlerproblem', 'error', '', null, 'Multilevel session directories are not supported');
  59          }
  60          // Make sure session directory exists and is writable.
  61          make_writable_directory($this->sessiondir, false);
  62          if (!is_writable($this->sessiondir)) {
  63              throw new exception('sessionhandlerproblem', 'error', '', null, 'Session directory is not writable');
  64          }
  65          // Need to disable debugging since disk_free_space()
  66          // will fail on very large partitions (see MDL-19222).
  67          $freespace = @disk_free_space($this->sessiondir);
  68          // MDL-43039: disk_free_space() returns null if disabled.
  69          if (!($freespace > 2048) and ($freespace !== false) and ($freespace !== null)) {
  70              throw new exception('sessiondiskfull', 'error');
  71          }
  72  
  73          // NOTE: we cannot set any lock acquiring timeout here - bad luck.
  74          ini_set('session.save_handler', 'files');
  75          ini_set('session.save_path', $this->sessiondir);
  76      }
  77  
  78      /**
  79       * Check the backend contains data for this session id.
  80       *
  81       * Note: this is intended to be called from manager::session_exists() only.
  82       *
  83       * @param string $sid
  84       * @return bool true if session found.
  85       */
  86      public function session_exists($sid) {
  87          $sid = clean_param($sid, PARAM_FILE);
  88          if (!$sid) {
  89              return false;
  90          }
  91          $sessionfile = "$this->sessiondir/sess_$sid";
  92          return file_exists($sessionfile);
  93      }
  94  
  95      /**
  96       * Kill all active sessions, the core sessions table is
  97       * purged afterwards.
  98       */
  99      public function kill_all_sessions() {
 100          if (is_dir($this->sessiondir)) {
 101              foreach (glob("$this->sessiondir/sess_*") as $filename) {
 102                  @unlink($filename);
 103              }
 104          }
 105      }
 106  
 107      /**
 108       * Kill one session, the session record is removed afterwards.
 109       * @param string $sid
 110       */
 111      public function kill_session($sid) {
 112          $sid = clean_param($sid, PARAM_FILE);
 113          if (!$sid) {
 114              return;
 115          }
 116          $sessionfile = "$this->sessiondir/sess_$sid";
 117          if (file_exists($sessionfile)) {
 118              @unlink($sessionfile);
 119          }
 120      }
 121  }