LEPTON CMS 7.0.0
feel free to keep it strictly simple...
Loading...
Searching...
No Matches
lepton_session.php
Go to the documentation of this file.
1<?php
2
3declare(strict_types=1);
4
20class LEPTON_session
21{
22 use LEPTON_singleton;
23
24 public static $instance;
25
26 // Default constructor of the class
27 final public function __construct()
28 {
29 // return the class instance
30 return self::getInstance();
31 }
32
37 public static function init()
38 {
39 }
40
50 public static function set_cookie( $name,
51 $value,
52 $options = array(),
53 $mustExists = false,
54 $mergeDefault = true )
55 {
56 // check if name exists in $_COOKIE
57 if (( true === $mustExists )
58 && ( false === isset( $_COOKIE[ $name ] )))
59 {
60 return null;
61 }
62
63 // clear options, remove empty settings
64 $temp = $options;
65 $options = array();
66 foreach( $temp as $optkey => $optvalue )
67 {
68 if ( $optvalue != "" )
69 { $options[ $optkey ] = $optvalue; }
70 }
71 unset( $temp );
72
73 // merge options array with defaults
74 if ( true === $mergeDefault )
75 {
76 $defaults = self::get_cookie_defaults();
77 $options = array_merge( $defaults, $options );
78 unset( $defaults );
79 }
80
81 // update cookie settings
82 if ( version_compare( PHP_VERSION, '7.3.0', ">=" ))
83 {
84 $return = setcookie( $name,
85 $value,
86 $options
87 );
88 }
89 else
90 {
91 // using a PHP < 7.3 bug to set the samesite attribute
92 // https://stackoverflow.com/questions/39750906/php-setcookie-samesite-strict
93 $return = setcookie( $name,
94 $value,
95 (int) $options[ "expires" ],
96 $options[ "path" ] . ';samesite=' . $options[ "samesite" ],
97 $options[ "domain" ],
98 $options[ "secure" ],
99 $options[ "httponly" ]
100 );
101 }
102
103 return $return;
104 }
105
113 public static function delete_cookie( $name,
114 $value = "",
115 $options = array() )
116 {
117 // check if name exists in $_COOKIE
118 if ( false === isset( $_COOKIE[ $name ] ))
119 {
120 return null; // not exists means also cookie not exists
121 }
122
123 // overwrite session array
124 $_SESSION = array();
125
126 // set/overwrite expire option
127 $options[ "expires" ] = 1; // 01.01.1970 00:00:01
128
129 // delete session cookie if set
130 $return = self::set_cookie( $name, $value, $options );
131
132 // overwrite session array again
133 $_SESSION = array();
134
135 // delete the session itself
136 session_destroy();
137
138 return $return;
139 }
140
145 private static function get_cookie_defaults()
146 {
147 // return the defaults
148 return array(
149 /* session.cookie_lifetime specifies the lifetime of the cookie in seconds which
150 * is sent to the browser. The value 0 means "until the browser is closed."
151 * Defaults to 0. */
152 "expires" => time() + ( 3 * 3600 ), // three hours
153
154 /* session.cookie_path specifies path to set in the session cookie. Defaults to /. */
155 "path" => "/",
156
157 /* session.cookie_domain specifies the domain to set in the session cookie.
158 * Default is none at all meaning the host name of the server which generated
159 * the cookie according to cookies specification. */
160 "domain" => "",
161
162 /* session.cookie_secure specifies whether cookies should only be sent over secure
163 * connections. Defaults to off. */
164 "secure" => ( isset( $_SERVER['HTTPS'] )
165 ? ( strtolower( $_SERVER[ 'HTTPS' ] ) == "on" )
166 : false
167 ),
168
169 /* session.cookie_httponly Marks the cookie as accessible only through the HTTP protocol.
170 * This means that the cookie won't be accessible by scripting languages
171 * , such as JavaScript. This setting can effectively help to reduce identity theft
172 * through XSS attacks (although it is not supported by all browsers). */
173 "httponly" => true,
174
175 /* session.cookie_samesite allows servers to assert that a cookie ought not to be sent
176 * along with cross-site requests. This assertion allows user agents to mitigate the
177 * risk of cross-origin information leakage, and provides some protection against
178 * cross-site request forgery attacks. Note that this is not supported by all browsers.
179 * An empty value means that no SameSite cookie attribute will be set.
180 * Lax and Strict mean that the cookie will not be sent cross-domain for POST requests;
181 * Lax will sent the cookie for cross-domain GET requests, while Strict will not. */
182 "samesite" => "Lax"
183 );
184 }
185
190 public static function destroy()
191 {
192
193 }
194
199 public static function test()
200 {
201
202 }
203}
$temp
$temp
Definition class.secure.php:20
LEPTON_session
Definition lepton_session.php:21
LEPTON_session\__construct
__construct()
Definition lepton_session.php:27
LEPTON_session\set_cookie
static set_cookie( $name, $value, $options=array(), $mustExists=false, $mergeDefault=true)
Definition lepton_session.php:50
LEPTON_session\test
static test()
Definition lepton_session.php:199
LEPTON_session\destroy
static destroy()
Definition lepton_session.php:190
LEPTON_session\init
static init()
Definition lepton_session.php:37
LEPTON_session\delete_cookie
static delete_cookie( $name, $value="", $options=array())
Definition lepton_session.php:113
LEPTON_session\$instance
static $instance
Definition lepton_session.php:24
LEPTON_singleton
trait LEPTON_singleton
Definition lepton_singleton.php:27