|
|
|
File: C:/usr/local/lib/php/blueshoes-4.2/core/net/http/session/Bs_SessionPhp.class.php
BlueShoes Application Framework - net/http/session
Bs_Session
Bs_Object
|
+-- Bs_Session
this is not implemented. instead of using bs_sessionFile you could use
|
public class Bs_Session extends Bs_Object
this is not implemented. instead of using bs_sessionFile you could use
php's session handling, wrapped into a class.
| Authors | |
| Version | 4.0.$id$ |
| Copyright | blueshoes.org |
|
| |
|
Direct known subclasses: Bs_SessionFile
|
|
Methods inherited from Bs_Object |
| isex, isexception, tostring, tohtml, persist, unpersist, bs_object, bbsetoutput, bbawake, bbisawake, bbxmsg, bbxfunctionstart, bbxfunctionend, bbxecho, bbxvar, bbxvardump, bbforcetrace, bbbufferstart, bbbufferget, bbbufferendflush, bbbufferendclean |
|
|
|
Private Method Summary |
| void |
doItYourself()initializes the object. |
| bool |
_checkIntegrity()Checks if the session still exists and if the user is allowed to use the |
| void |
start()starts a new session. |
| void |
destroy()Warning: documentation is missing. |
| void |
getSid()Warning: documentation is missing. |
| void |
setSid()Warning: documentation is missing. |
|
Private Field Summary |
| string |
$sidthe session id |
|
Private Constant Summary |
| BS_SESSION_VERSION |
>>4.0.$x$<< |
Warning: documentation is missing. |
|
Public Method Details |
Bs_Session |
|
public void Bs_Session( )
|
| |
Constructor.
|
| Returns |
void |
|
register |
|
public void register( string $name )
|
| |
add a var to the session
|
| Parameter |
|
|
| Returns |
void |
|
unRegister |
|
public void unRegister( )
|
| |
add a var to the session
|
| Returns |
void |
|
|
Private Method Details |
doItYourself |
|
private void doItYourself( )
|
| |
initializes the object.
at first it tries to read the sid from the cookie, if not availableit tries to read it from the querystring. if one of them is availabewe have to do checkIntegrity(). if not we start() a new session.
|
| Returns |
void |
|
_checkIntegrity |
|
private bool _checkIntegrity( )
|
| |
Checks if the session still exists and if the user is allowed to use the
sid he wants to use.If we reuse a previously created session by getting the sid from thequerystring (and not from a cookie), we have a possible hole. someonemight send his url (with sid included) to someone else, and this personpastes it into the browser. see the problem. so what we do is check theclass c network of the ip address (proxies might switch ip's).this still leaves room for ppl trading url's int he same company/usingthe same isp, but what can we do. check browser string? hmm maybe. wellthis is internal anyway and you shouldn't care.
|
| Returns |
bool |
|
start |
|
private void start( )
|
| |
starts a new session.
|
| Returns |
void |
|
destroy |
|
private void destroy( )
|
| |
Warning: documentation is missing.
|
| Returns |
void |
|
getSid |
|
private void getSid( )
|
| |
Warning: documentation is missing.
|
| Returns |
void |
|
setSid |
|
private void setSid( )
|
| |
Warning: documentation is missing.
|
| Returns |
void |
|
|
Private Field Details |
$sid |
|
private string $sid
>>
the session id
|
|
|
Private Constant Details |
BS_SESSION_VERSION
define( BS_SESSION_VERSION, >>4.0.$x$<< )
Case: default: case sensitive
|
|
|
|
|
|
| PHPDoc 1.0beta |
