...

...

@@ -1,6 +1,5 @@

1

1

<?xml version="1.0" encoding="utf-8"?>

2

2

<!-- $Revision$ -->

3

-

4

3

<phpdoc:classref xml:id="class.sessionhandlerinterface" xmlns:phpdoc="http://php.net/ns/phpdoc" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude">

5

4

6

5

<title>The SessionHandlerInterface class</title>

...

...

@@ -12,11 +11,10 @@

12

11

<section xml:id="sessionhandlerinterface.intro">

13

12

&reftitle.intro;

14

13

<para>

15

-

<classname>SessionHandlerInterface</classname> is an

16

-

<link linkend="language.oop5.interfaces">interface</link> which defines a

14

+

<classname>SessionHandlerInterface</classname> is an interface which defines the minimal

17

15

prototype for creating a custom session handler. In order to pass a custom

18

16

session handler to <function>session_set_save_handler</function> using its

19

-

<literal>OOP</literal> invocation, the class must implement this interface.

17

+

<abbrev>OOP</abbrev> invocation, the class can implement this interface.

20

18

</para>

21

19

<para>

22

20

Please note the callback methods of this class are designed to be called internally by

...

...

@@ -26,28 +24,25 @@

26

24

<!-- }}} -->

27

25

28

26

<section xml:id="sessionhandlerinterface.synopsis">

29

-

&reftitle.classsynopsis;

27

+

&reftitle.interfacesynopsis;

30

28

31

29

<!-- {{{ Synopsis -->

32

-

<classsynopsis>

33

-

<ooclass><classname>SessionHandlerInterface</classname></ooclass>

34

-

35

-

<!-- {{{ Class synopsis -->

36

-

<classsynopsisinfo>

37

-

<ooclass>

38

-

<classname>SessionHandlerInterface</classname>

39

-

</ooclass>

40

-

</classsynopsisinfo>

41

-

<!-- }}} -->

30

+

<classsynopsis class="interface">

31

+

<oointerface>

32

+

<interfacename>SessionHandlerInterface</interfacename>

33

+

</oointerface>

42

34

43

35

<classsynopsisinfo role="comment">&Methods;</classsynopsisinfo>

44

-

<xi:include xpointer="xmlns(db=http://docbook.org/ns/docbook) xpointer(id('class.sessionhandlerinterface')/db:refentry/db:refsect1[@role='description']/descendant::db:methodsynopsis[1])" />

36

+

<xi:include xpointer="xmlns(db=http://docbook.org/ns/docbook) xpointer(id('class.sessionhandlerinterface')/db:refentry/db:refsect1[@role='description']/descendant::db:methodsynopsis[@role='SessionHandlerInterface'])">

37

+

<xi:fallback/>

38

+

</xi:include>

45

39

</classsynopsis>

46

40

<!-- }}} -->

47

41

48

42

</section>

49

43

50

44

<section xml:id="sessionhandlerinterface.examples">

45

+

&reftitle.examples;

51

46

<example>

52

47

<title>

53

48

Example using <classname>SessionHandlerInterface</classname>

...

...

@@ -63,6 +58,15 @@

63

58

register the shutdown function using the function's parameter flag. This is generally

64

59

advised when registering objects as session save handlers.

65

60

</para>

61

+

<caution>

62

+

<para>

63

+

For brevity, this example omits input validation. However, the

64

+

<literal>$id</literal> parameters are actually user supplied values which

65

+

require proper validation/sanitization to avoid vulnerabilities, such as

66

+

path traversal issues. <emphasis>So do not use this example unmodified in

67

+

production environments.</emphasis>

68

+

</para>

69

+

</caution>

66

70

<programlisting role="php">

67

71

<![CDATA[

68

72

<?php

...

...

@@ -70,7 +74,7 @@ class MySessionHandler implements SessionHandlerInterface

70

74

{

71

75

private $savePath;

72

76

73

-

public function open($savePath, $sessionName)

77

+

public function open($savePath, $sessionName): bool

74

78

{

75

79

$this->savePath = $savePath;

76

80

if (!is_dir($this->savePath)) {

...

...

@@ -80,22 +84,23 @@ class MySessionHandler implements SessionHandlerInterface

80

84

return true;

81

85

}

82

86

83

-

public function close()

87

+

public function close(): bool

84

88

{

85

89

return true;

86

90

}

87

91

92

+

#[\ReturnTypeWillChange]

88

93

public function read($id)

89

94

{

90

95

return (string)@file_get_contents("$this->savePath/sess_$id");

91

96

}

92

97

93

-

public function write($id, $data)

98

+

public function write($id, $data): bool

94

99

{

95

100

return file_put_contents("$this->savePath/sess_$id", $data) === false ? false : true;

96

101

}

97

102

98

-

public function destroy($id)

103

+

public function destroy($id): bool

99

104

{

100

105

$file = "$this->savePath/sess_$id";

101

106

if (file_exists($file)) {

...

...

@@ -105,6 +110,7 @@ class MySessionHandler implements SessionHandlerInterface

105

110

return true;

106

111

}

107

112

113

+

#[\ReturnTypeWillChange]

108

114

public function gc($maxlifetime)

109

115

{

110

116

foreach (glob("$this->savePath/sess_*") as $file) {

...

...

@@ -132,7 +138,6 @@ session_start();

132

138

&reference.session.entities.sessionhandlerinterface;

133

139

134

140

</phpdoc:classref>

135

-

136

141

<!-- Keep this comment at the end of the file

137

142

Local variables:

138

143

mode: sgml

139

144