oxsession.php

Go to the documentation of this file.
00001 <?php
00002 
00003 DEFINE('_DB_SESSION_HANDLER', getShopBasePath() . 'core/adodblite/session/adodb-session.php');
00004 // Including database session managing class if needed.
00005 if (oxConfig::getInstance()->getConfigParam( 'blAdodbSessionHandler' ) ) {
00006     $oDB = oxDb::getDb();
00007     include_once _DB_SESSION_HANDLER;
00008 }
00009 
00015 class oxSession extends oxSuperCfg
00016 {
00022     protected $_sName = 'sid';
00023 
00029     protected $_sForcedPrefix = 'force_';
00030 
00035     protected  $_sId     = null;
00036 
00042     protected static $_blIsNewSession = false;
00043 
00047     protected static $_instance = null;
00048 
00053     protected static  $_oUser = null;
00054 
00061     protected $_blNewSession = false;
00062 
00068     protected $_blForceNewSession = false;
00069 
00075     protected $_sErrorMsg = null;
00076 
00082     protected $_oBasket = null;
00083 
00089     protected $_oBasketReservations = null;
00090 
00096     protected $_blStarted = false;
00097 
00106     protected $_aRequireSessionWithParams = array(
00107                        'cl' => array (
00108                             'register' => true,
00109                             'account'  => true,
00110                            ),
00111                        'fnc' => array (
00112                            'tobasket'         => true,
00113                            'login_noredirect' => true,
00114                            'tocomparelist'    => true,
00115                            ),
00116                        '_artperpage' => true,
00117                        'ldtype'      => true,
00118                        'listorderby' => true,
00119     );
00120 
00126     protected $_blSidNeeded = null;
00127 
00133     protected $_aPersistentParams = array("actshop", "lang", "currency", "language", "tpllanguage");
00134 
00140     public static function getInstance()
00141     {
00142         if ( defined('OXID_PHP_UNIT')) {
00143             if ( isset( modSession::$unitMOD) && is_object( modSession::$unitMOD)) {
00144                 return modSession::$unitMOD;
00145             }
00146         }
00147         if (!isset(self::$_instance)) {
00148             self::$_instance  = oxNew( 'oxsession' );
00149         }
00150         return self::$_instance;
00151     }
00152 
00158     public function getId()
00159     {
00160         return $this->_sId;
00161     }
00162 
00170     public function setId($sVal)
00171     {
00172         $this->_sId = $sVal;
00173     }
00174 
00182     public function setName($sVal)
00183     {
00184         $this->_sName = $sVal;
00185     }
00186 
00192     public function getForcedName()
00193     {
00194         return $this->_sForcedPrefix . $this->getName();
00195     }
00196 
00202     public function getName()
00203     {
00204         return $this->_sName;
00205     }
00206 
00212     public function start()
00213     {
00214         $myConfig = $this->getConfig();
00215         $sid = null;
00216 
00217         if ( $this->isAdmin() ) {
00218             $this->setName("admin_sid");
00219         } else {
00220             $this->setName("sid");
00221         }
00222 
00223         $sForceSidParam = oxConfig::getParameter($this->getForcedName());
00224         $sSidParam = oxConfig::getParameter($this->getName());
00225 
00226         //forcing sid for SSL<->nonSSL transitions
00227         if ($sForceSidParam) {
00228             $sid = $sForceSidParam;
00229         } elseif ($this->_getSessionUseCookies() && $this->_getCookieSid()) {
00230             $sid = $this->_getCookieSid();
00231         } elseif ($sSidParam) {
00232             $sid = $sSidParam;
00233         }
00234 
00235         //starting session if only we can
00236         if ( $this->_allowSessionStart() ) {
00237 
00238             //creating new sid
00239             if ( !$sid ) {
00240                 self::$_blIsNewSession = true;
00241                 $this->initNewSession();
00242             } else {
00243                 self::$_blIsNewSession = false;
00244                 $this->_setSessionId( $sid );
00245                 $this->_sessionStart();
00246             }
00247 
00248             //special handling for new ZP cluster session, as in that case session_start() regenerates id
00249             if ( $this->_sId != session_id() ) {
00250                 $this->_setSessionId( session_id() );
00251             }
00252 
00253             //checking for swapped client
00254             $blSwapped = $this->_isSwappedClient();
00255             if ( !self::$_blIsNewSession && $blSwapped ) {
00256                 $this->initNewSession();
00257 
00258                 // passing notification about session problems
00259                 if ( $this->_sErrorMsg && $myConfig->getConfigParam( 'iDebug' ) ) {
00260                     oxUtilsView::getInstance()->addErrorToDisplay( new oxException( $this->_sErrorMsg ) );
00261                 }
00262             } elseif ( !$blSwapped ) {
00263                 // transferring cookies between hosts
00264                 oxUtilsServer::getInstance()->loadSessionCookies();
00265             }
00266         }
00267     }
00268 
00274     public function getRequestChallengeToken()
00275     {
00276         return preg_replace('/[^a-z0-9]/i', '', oxConfig::getParameter('stoken'));
00277     }
00278 
00284     public function getSessionChallengeToken()
00285     {
00286         $sRet = preg_replace('/[^a-z0-9]/i', '', self::getVar('sess_stoken'));
00287         if (!$sRet) {
00288             $this->_initNewSessionChallenge();
00289             $sRet = self::getVar('sess_stoken');
00290         }
00291         return $sRet;
00292     }
00293 
00300     public function checkSessionChallenge()
00301     {
00302         $sToken = $this->getSessionChallengeToken();
00303         return $sToken && ($sToken == $this->getRequestChallengeToken());
00304     }
00305 
00311     protected function _initNewSessionChallenge()
00312     {
00313         self::setVar('sess_stoken', sprintf('%X', crc32(oxUtilsObject::getInstance()->generateUID())));
00314     }
00315 
00321     protected function _sessionStart()
00322     {
00323         //enforcing no caching when session is started
00324         session_cache_limiter( 'nocache' );
00325 
00326         //cache limiter workaround for AOL browsers
00327         //as suggested at http://ilia.ws/archives/59-AOL-Browser-Woes.html
00328         if (strpos($_SERVER['HTTP_USER_AGENT'], 'AOL') !== false ) {
00329             session_cache_limiter(false);
00330             header("Cache-Control: no-store, private, must-revalidate, proxy-revalidate, post-check=0, pre-check=0, max-age=0, s-maxage=0");
00331         }
00332 
00333         $this->_blStarted = @session_start();
00334         if ( !$this->getSessionChallengeToken() ) {
00335             $this->_initNewSessionChallenge();
00336         }
00337 
00338         return $this->_blStarted;
00339     }
00340 
00346     public function initNewSession()
00347     {
00348         // starting session only if it was not started yet
00349         if ( self::$_blIsNewSession ) {
00350             $this->_sessionStart();
00351         }
00352 
00353         //saving persistent params if old session exists
00354         $aPersistent = array();
00355         foreach ( $this->_aPersistentParams as $sParam ) {
00356             if ( ( $sValue = self::getVar( $sParam ) ) ) {
00357                 $aPersistent[$sParam] = $sValue;
00358             }
00359         }
00360 
00361         $this->_setSessionId( $this->_getNewSessionId() );
00362 
00363         //restoring persistent params to session
00364         foreach ( $aPersistent as $sKey => $sParam ) {
00365             self::setVar( $sKey, $aPersistent[$sKey] );
00366         }
00367 
00368         $this->_initNewSessionChallenge();
00369 
00370         // (re)setting actual user agent when initiating new session
00371         self::setVar( "sessionagent", oxUtilsServer::getInstance()->getServerVar( 'HTTP_USER_AGENT' ) );
00372     }
00373 
00379     public function regenerateSessionId()
00380     {
00381         // starting session only if it was not started yet
00382         if ( self::$_blIsNewSession ) {
00383             $this->_sessionStart();
00384 
00385             // (re)setting actual user agent when initiating new session
00386             self::setVar( "sessionagent", oxUtilsServer::getInstance()->getServerVar( 'HTTP_USER_AGENT' ) );
00387         }
00388 
00389         $this->_setSessionId( $this->_getNewSessionId( false ) );
00390         $this->_initNewSessionChallenge();
00391     }
00392 
00401     protected function _getNewSessionId( $blUnset = true )
00402     {
00403         $sOldId = session_id();
00404         session_regenerate_id( ! oxConfig::getInstance()->getConfigParam( 'blAdodbSessionHandler' ) );
00405         $sNewId = session_id();
00406 
00407         if ( $blUnset ) {
00408             session_unset();
00409         }
00410 
00411         if ( oxConfig::getInstance()->getConfigParam( 'blAdodbSessionHandler' ) ) {
00412             $oDB = oxDb::getDb();
00413             $oDB->execute("UPDATE oxsessions SET SessionID = ".$oDB->quote( $sNewId )." WHERE SessionID = ".$oDB->quote( $sOldId ) );
00414         }
00415 
00416         return session_id();
00417     }
00418 
00424     public function freeze()
00425     {
00426         // storing basket ..
00427         self::setVar( $this->_getBasketName(), serialize( $this->getBasket() ) );
00428 
00429         session_write_close();
00430     }
00431 
00437     public function destroy()
00438     {
00439         //session_unset();
00440         unset($_SESSION);
00441         session_destroy();
00442     }
00443 
00451     public static function hasVar( $name )
00452     {
00453         if ( defined( 'OXID_PHP_UNIT' ) ) {
00454             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00455                 try{
00456                     $sVal = modSession::getInstance()->getVar( $name );
00457                     return isset( $sVal );
00458                 } catch( Exception $e ) {
00459                     // if exception is thrown, use default
00460                 }
00461             }
00462         }
00463 
00464         return isset($_SESSION[$name]);
00465     }
00466 
00475     public static function setVar( $name, $value)
00476     {
00477         if ( defined( 'OXID_PHP_UNIT' ) ) {
00478             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00479                 try{
00480                     return modSession::getInstance()->setVar(  $name, $value );
00481                 } catch( Exception $e ) {
00482                     // if exception is thrown, use default
00483                 }
00484             }
00485         }
00486 
00487         $_SESSION[$name] = $value;
00488         //logger( "set sessionvar : $name -> $value");
00489     }
00490 
00498     public static function getVar( $name )
00499     {
00500         if ( defined( 'OXID_PHP_UNIT' ) ) {
00501             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00502                 try{
00503                     return modSession::getInstance()->getVar( $name );
00504                 } catch( Exception $e ) {
00505                     // if exception is thrown, use default
00506                 }
00507             }
00508         }
00509 
00510         if ( isset( $_SESSION[$name] )) {
00511             return $_SESSION[$name];
00512         } else {
00513             return null;
00514         }
00515     }
00516 
00524     public static function deleteVar( $name )
00525     {
00526         if ( defined( 'OXID_PHP_UNIT' ) ) {
00527             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00528                 try{
00529                     return modSession::getInstance()->setVar( $name, null );
00530                 } catch( Exception $e ) {
00531                     // if exception is thrown, use default
00532                 }
00533             }
00534         }
00535 
00536         $_SESSION[$name] = null;
00537         //logger( "delete sessionvar : $name");
00538         unset($_SESSION[$name]);
00539     }
00540 
00550     public function sid( $blForceSid = false )
00551     {
00552         $myConfig     = $this->getConfig();
00553         $blUseCookies = $this->_getSessionUseCookies();
00554         $sRet         = '';
00555 
00556         $blDisableSid = oxUtils::getInstance()->isSearchEngine()
00557                         && is_array($myConfig->getConfigParam( 'aCacheViews' ) )
00558                         && !$this->isAdmin();
00559 
00560         //no cookie?
00561         if ( !$blDisableSid && $this->getId() && ($blForceSid || !$blUseCookies || !$this->_getCookieSid())) {
00562             $sRet = ( $blForceSid ? $this->getForcedName() : $this->getName() )."=".$this->getId();
00563         }
00564 
00565         if ($this->isAdmin()) {
00566             // admin mode always has to have token
00567             if ($sRet) {
00568                 $sRet .= '&amp;';
00569             }
00570             $sRet .= 'stoken='.$this->getSessionChallengeToken();
00571         }
00572 
00573         return $sRet;
00574     }
00575 
00581     public function hiddenSid()
00582     {
00583         $sToken = "<input type=\"hidden\" name=\"stoken\" value=\"".$this->getSessionChallengeToken(). "\">";
00584         $sSid   = "<input type=\"hidden\" name=\"".$this->getForcedName()."\" value=\"". $this->getId() . "\">";
00585         return $sToken.$sSid;
00586     }
00587 
00593     public function getBasket()
00594     {
00595         if ( $this->_oBasket === null ) {
00596             $sBasket = self::getVar( $this->_getBasketName() );
00597 
00598             //init oxbasketitem class first
00599             //#1746
00600             oxNew('oxbasketitem');
00601 
00602             $oBasket = ( $sBasket && ( $oBasket = unserialize( $sBasket ) ) ) ? $oBasket : oxNew( 'oxbasket' );
00603             $this->setBasket( $oBasket );
00604         }
00605 
00606         return $this->_oBasket;
00607     }
00608 
00616     public function setBasket( $oBasket )
00617     {
00618         // sets basket session object
00619         $this->_oBasket = $oBasket;
00620     }
00621 
00627     public function delBasket()
00628     {
00629         $this->setBasket( null );
00630         self::deleteVar( $this->_getBasketName());
00631     }
00632 
00638     public function isNewSession()
00639     {
00640         return self::$_blIsNewSession;
00641     }
00642 
00649     public function setForceNewSession()
00650     {
00651         $this->_blForceNewSession = true;
00652     }
00653 
00661     public function isSidNeeded( $sUrl = null )
00662     {
00663         if ( $this->_getSessionUseCookies() && $this->_getCookieSid() ) {
00664             // switching from ssl to non ssl or vice versa?
00665             if ( ( strpos( $sUrl, "https:" ) === 0 && !$this->getConfig()->isSsl() ) ||
00666                  ( strpos( $sUrl, "http:" ) === 0 && $this->getConfig()->isSsl() ) ) {
00667                 return true;
00668             }
00669         }
00670 
00671         if ( $sUrl && !$this->getConfig()->isCurrentUrl( $sUrl ) ) {
00672             return true;
00673         } elseif ( $this->_blSidNeeded === null ) {
00674             // setting initial state
00675             $this->_blSidNeeded = false;
00676 
00677             // no SIDs for seach engines
00678             if ( !oxUtils::getInstance()->isSearchEngine() ) {
00679                 // cookie found - SID is not needed
00680                 if ( oxUtilsServer::getInstance()->getOxCookie( $this->getName() ) ) {
00681                     $this->_blSidNeeded = false;
00682                 } elseif ( $this->_forceSessionStart() ) {
00683                     $this->_blSidNeeded = true;
00684                 } else {
00685                     // no cookie, so must check session
00686                     if ( $blSidNeeded = self::getVar( 'blSidNeeded' ) ) {
00687                         $this->_blSidNeeded = true;
00688                     } elseif ( $this->_isSessionRequiredAction() ) {
00689                         $this->_blSidNeeded = true;
00690 
00691                         // storing to session, performance..
00692                         self::setVar( 'blSidNeeded', $this->_blSidNeeded  );
00693                     }
00694                 }
00695             }
00696         }
00697 
00698         return $this->_blSidNeeded;
00699     }
00700 
00712     public function processUrl( $sUrl )
00713     {
00714         $sSid = $this->sid( $this->isSidNeeded( $sUrl ) );
00715         if ($sSid) {
00716             $oStr = getStr();
00717             $aUrlParts = explode( '#', $sUrl );
00718             if ( !$oStr->preg_match('/(\?|&(amp;)?)sid=/i', $aUrlParts[0]) && (false === $oStr->strpos($aUrlParts[0], $sSid))) {
00719                 if (!$oStr->preg_match('/(\?|&(amp;)?)$/', $sUrl)) {
00720                     $aUrlParts[0] .= ( $oStr->strstr( $aUrlParts[0], '?' ) !== false ?  '&amp;' : '?' );
00721                 }
00722                 $aUrlParts[0] .= $sSid . '&amp;';
00723             }
00724             $sUrl = join( '#', $aUrlParts );
00725         }
00726         return $sUrl;
00727     }
00728 
00738     public function getRemoteAccessToken($blGenerateNew = true)
00739     {
00740         $sToken = $this->getVar('_rtoken');
00741         if (!$sToken && $blGenerateNew) {
00742             $sToken = md5(rand() . $this->getId());
00743             $sToken = substr($sToken, 0, 8);
00744             self::setVar('_rtoken', $sToken);
00745         }
00746 
00747         return $sToken;
00748     }
00749 
00756     protected function _forceSessionStart()
00757     {
00758         return ( !oxUtils::getInstance()->isSearchEngine() ) && ( (( bool ) $this->getConfig()->getConfigParam( 'blForceSessionStart' )) || oxConfig::getParameter( "su" ) || $this->_blForceNewSession );
00759     }
00760 
00766     protected function _allowSessionStart()
00767     {
00768         $blAllowSessionStart = true;
00769 
00770         // special handling only in non-admin mode
00771         if ( !$this->isAdmin() ) {
00772             if ( oxUtils::getInstance()->isSearchEngine() || oxConfig::getParameter( 'skipSession' ) ) {
00773                 $blAllowSessionStart = false;
00774             } elseif ( !$this->_forceSessionStart() && !oxUtilsServer::getInstance()->getOxCookie( 'sid_key' ) ) {
00775 
00776                 // session is not needed to start when it is not necessary:
00777                 // - no sid in request and also user executes no session connected action
00778                 // - no cookie set and user executes no session connected action
00779                 if ( !oxUtilsServer::getInstance()->getOxCookie( $this->getName() ) &&
00780                      !( oxConfig::getParameter( $this->getName() ) || oxConfig::getParameter( $this->getForcedName() ) ) &&
00781                      !$this->_isSessionRequiredAction() ) {
00782                     $blAllowSessionStart = false;
00783                 }
00784             }
00785         }
00786 
00787         return $blAllowSessionStart;
00788     }
00789 
00797     protected function _isSwappedClient()
00798     {
00799         $blSwapped = false;
00800         $myUtilsServer = oxUtilsServer::getInstance();
00801 
00802         // check only for non search engines
00803         if ( !oxUtils::getInstance()->isSearchEngine() && !$myUtilsServer->isTrustedClientIp() && !$this->_isValidRemoteAccessToken()) {
00804 
00805             $myConfig = $this->getConfig();
00806 
00807             // checking if session user agent matches actual
00808             $blSwapped = $this->_checkUserAgent( $myUtilsServer->getServerVar( 'HTTP_USER_AGENT' ), self::getVar( 'sessionagent' ) );
00809             if ( !$blSwapped ) {
00810                 if ( $myConfig->getConfigParam( 'blAdodbSessionHandler' ) ) {
00811                     $blSwapped = $this->_checkSid();
00812                 }
00813 
00814                 if ( !$blSwapped ) {
00815                     $blDisableCookieCheck = $myConfig->getConfigParam( 'blDisableCookieCheck' );
00816                     $blUseCookies         = $this->_getSessionUseCookies();
00817                     if ( !$blDisableCookieCheck && $blUseCookies ) {
00818                         $blSwapped = $this->_checkCookies( $myUtilsServer->getOxCookie( 'sid_key' ), self::getVar( "sessioncookieisset" ) );
00819                     }
00820                 }
00821             }
00822         }
00823 
00824         return $blSwapped;
00825     }
00826 
00835     protected function _checkUserAgent( $sAgent, $sExistingAgent )
00836     {
00837         $blCheck = false;
00838 
00839         // processing
00840         $oUtils = oxUtilsServer::getInstance();
00841         $sAgent = $oUtils->processUserAgentInfo( $sAgent );
00842         $sExistingAgent = $oUtils->processUserAgentInfo( $sExistingAgent );
00843 
00844         if ( $sAgent && $sAgent !== $sExistingAgent ) {
00845             if ( $sExistingAgent ) {
00846                 $this->_sErrorMsg = "Different browser ({$sExistingAgent}, {$sAgent}), creating new SID...<br>";
00847             }
00848             $blCheck = true;
00849         }
00850 
00851         return $blCheck;
00852     }
00853 
00859     protected function _checkSid()
00860     {
00861         $oDb = oxDb::getDb();
00862         //matze changed sesskey to SessionID because structure of oxsession changed!!
00863         $sSID = $oDb->GetOne("select SessionID from oxsessions where SessionID = ".$oDb->quote( $this->getId() ));
00864 
00865         //2007-05-14
00866         //we check _blNewSession as well as this may be actually new session not written to db yet
00867         if ( !$this->_blNewSession && (!isset( $sSID) || !$sSID)) {
00868             // this means, that this session has expired in the past and someone uses this sid to reactivate it
00869             $this->_sErrorMsg = "Session has expired in the past and someone uses this sid to reactivate it, creating new SID...<br>";
00870             return true;
00871         }
00872         return false;
00873     }
00874 
00884     protected function _checkCookies( $sCookieSid, $aSessCookieSetOnce )
00885     {
00886         $blSwapped = false;
00887         $myConfig  = $this->getConfig();
00888         $sCurrUrl  = $myConfig->isSsl() ? $myConfig->getSslShopUrl( 0 ) : $myConfig->getShopUrl( 0 );
00889 
00890         $blSessCookieSetOnce = false;
00891         if ( isset( $aSessCookieSetOnce[$sCurrUrl] ) ) {
00892             $blSessCookieSetOnce = $aSessCookieSetOnce[$sCurrUrl];
00893         }
00894 
00895         //if cookie was there once but now is gone it means we have to reset
00896         if ( $blSessCookieSetOnce && !$sCookieSid ) {
00897             if ( $myConfig->getConfigParam( 'iDebug' ) ) {
00898                 $this->_sErrorMsg  = "Cookie not found, creating new SID...<br>";
00899                 $this->_sErrorMsg .= "Cookie: $sCookieSid<br>";
00900                 $this->_sErrorMsg .= "Session: $blSessCookieSetOnce<br>";
00901                 $this->_sErrorMsg .= "URL: ".$sCurrUrl."<br>";
00902             }
00903             $blSwapped = true;
00904         }
00905 
00906         //if we detect the cookie then set session var for possible later use
00907         if ( $sCookieSid == "oxid" && !$blSessCookieSetOnce ) {
00908             $aSessCookieSetOnce[$sCurrUrl] = "ox_true";
00909             self::setVar( "sessioncookieisset", $aSessCookieSetOnce );
00910         }
00911 
00912         //if we have no cookie then try to set it
00913         if ( !$sCookieSid ) {
00914             oxUtilsServer::getInstance()->setOxCookie( 'sid_key', 'oxid' );
00915         }
00916         return $blSwapped;
00917     }
00918 
00926     protected function _setSessionId($sSessId)
00927     {
00928         //marking this session as new one, as it might be not writen to db yet
00929         if ( $sSessId && session_id() != $sSessId ) {
00930             $this->_blNewSession = true;
00931         }
00932 
00933         session_id( $sSessId );
00934 
00935         $this->setId( $sSessId );
00936 
00937         $blUseCookies = $this->_getSessionUseCookies();
00938 
00939         if ( !$this->_allowSessionStart() ) {
00940             if ( $blUseCookies ) {
00941                 oxUtilsServer::getInstance()->setOxCookie( $this->getName(), null );
00942             }
00943             return;
00944         }
00945 
00946         if ( $blUseCookies ) {
00947             //setting session cookie
00948             oxUtilsServer::getInstance()->setOxCookie( $this->getName(), $sSessId );
00949         }
00950     }
00951 
00957     protected function _getBasketName()
00958     {
00959         $myConfig = $this->getConfig();
00960         if ( $myConfig->getConfigParam( 'blMallSharedBasket' ) == 0 ) {
00961             return $myConfig->getShopId()."_basket";
00962         }
00963         return "basket";
00964     }
00965 
00971     protected function _getCookieSid()
00972     {
00973         return oxUtilsServer::getInstance()->getOxCookie($this->getName());
00974     }
00975 
00982     protected function _getRequireSessionWithParams()
00983     {
00984         $aCfgArray = $this->getConfig()->getConfigParam('aRequireSessionWithParams');
00985         if (is_array($aCfgArray)) {
00986             $aDefault = $this->_aRequireSessionWithParams;
00987             foreach ($aCfgArray as $key => $val) {
00988                 if (!is_array($val) && $val) {
00989                     unset($aDefault[$key]);
00990                 }
00991             }
00992             return array_merge_recursive($aCfgArray, $aDefault);
00993         }
00994         return $this->_aRequireSessionWithParams;
00995     }
00996 
01002     protected function _isSessionRequiredAction()
01003     {
01004         foreach ($this->_getRequireSessionWithParams() as $sParam => $aValues) {
01005             $sValue = oxConfig::getParameter( $sParam );
01006             if (isset($sValue)) {
01007                 if (is_array($aValues)) {
01008                     if (isset($aValues[$sValue]) && $aValues[$sValue]) {
01009                         return true;
01010                     }
01011                 } elseif ($aValues) {
01012                     return true;
01013                 }
01014             }
01015         }
01016 
01017         return ($_SERVER['REQUEST_METHOD'] == 'POST');
01018     }
01019 
01025     protected function _getSessionUseCookies()
01026     {
01027         return $this->isAdmin() || $this->getConfig()->getConfigParam( 'blSessionUseCookies');
01028     }
01029 
01035     protected function _isValidRemoteAccessToken()
01036     {
01037         $sInputToken = oxConfig::getParameter('rtoken');
01038         $sToken = $this->getRemoteAccessToken(false);
01039         $blTokenEqual = !(bool)strcmp($sInputToken, $sToken);
01040         $blValid = $sInputToken && $blTokenEqual;
01041 
01042         return $blValid;
01043     }
01044 
01050     public function getBasketReservations()
01051     {
01052         if (!$this->_oBasketReservations) {
01053             $this->_oBasketReservations = oxNew('oxBasketReservation');
01054         }
01055         return $this->_oBasketReservations;
01056     }
01057 
01063     public function isHeaderSent()
01064     {
01065         return headers_sent();
01066     }
01067 
01073     public function isSessionStarted()
01074     {
01075         return $this->_blStarted;
01076     }
01077 }