oxsession.php

Go to the documentation of this file.
00001 <?php
00002 
00003 DEFINE('_DB_SESSION_HANDLER', getShopBasePath() . 'core/adodblite/session/adodb-session.php');
00004 // Including database session managing class if needed.
00005 if (oxConfig::getInstance()->getConfigParam( 'blAdodbSessionHandler' ) ) {
00006     $oDB = oxDb::getDb();
00007     include_once _DB_SESSION_HANDLER;
00008 }
00009 
00015 class oxSession extends oxSuperCfg
00016 {
00022     protected $_sName = 'sid';
00023 
00029     protected $_sForcedPrefix = 'force_';
00030 
00035     protected  $_sId     = null;
00036 
00042     protected static $_blIsNewSession = false;
00043 
00047     protected static $_instance = null;
00048 
00053     protected static  $_oUser = null;
00054 
00061     protected $_blNewSession = false;
00062 
00068     protected $_blForceNewSession = false;
00069 
00075     protected $_sErrorMsg = null;
00076 
00082     protected $_oBasket = null;
00083 
00089     protected $_oBasketReservations = null;
00090 
00096     protected $_blStarted = false;
00097 
00106     protected $_aRequireSessionWithParams = array(
00107                        'cl' => array (
00108                             'register' => true,
00109                             'account'  => true,
00110                            ),
00111                        'fnc' => array (
00112                            'tobasket'         => true,
00113                            'login_noredirect' => true,
00114                            'tocomparelist'    => true,
00115                            ),
00116                        '_artperpage' => true,
00117                        'ldtype'      => true,
00118                        'listorderby' => true,
00119     );
00120 
00126     protected $_blSidNeeded = null;
00127 
00133     protected $_aPersistentParams = array("actshop", "lang", "currency", "language", "tpllanguage");
00134 
00140     public static function getInstance()
00141     {
00142         if ( defined('OXID_PHP_UNIT')) {
00143             if ( isset( modSession::$unitMOD) && is_object( modSession::$unitMOD)) {
00144                 return modSession::$unitMOD;
00145             }
00146         }
00147         if (!isset(self::$_instance)) {
00148             self::$_instance  = oxNew( 'oxsession' );
00149         }
00150         return self::$_instance;
00151     }
00152 
00158     public function getId()
00159     {
00160         return $this->_sId;
00161     }
00162 
00170     public function setId($sVal)
00171     {
00172         $this->_sId = $sVal;
00173     }
00174 
00182     public function setName($sVal)
00183     {
00184         $this->_sName = $sVal;
00185     }
00186 
00192     public function getForcedName()
00193     {
00194         return $this->_sForcedPrefix . $this->getName();
00195     }
00196 
00202     public function getName()
00203     {
00204         return $this->_sName;
00205     }
00206 
00212     public function start()
00213     {
00214         $myConfig = $this->getConfig();
00215         $sid = null;
00216 
00217         if ( $this->isAdmin() ) {
00218             $this->setName("admin_sid");
00219         } else {
00220             $this->setName("sid");
00221         }
00222 
00223         $sForceSidParam = oxConfig::getParameter($this->getForcedName());
00224         $sSidParam = oxConfig::getParameter($this->getName());
00225 
00226         //forcing sid for SSL<->nonSSL transitions
00227         if ($sForceSidParam) {
00228             $sid = $sForceSidParam;
00229         } elseif ($this->_getSessionUseCookies() && $this->_getCookieSid()) {
00230             $sid = $this->_getCookieSid();
00231         } elseif ($sSidParam) {
00232             $sid = $sSidParam;
00233         }
00234 
00235         //starting session if only we can
00236         if ( $this->_allowSessionStart() ) {
00237 
00238             //creating new sid
00239             if ( !$sid ) {
00240                 self::$_blIsNewSession = true;
00241                 $this->initNewSession();
00242             } else {
00243                 self::$_blIsNewSession = false;
00244                 $this->_setSessionId( $sid );
00245                 $this->_sessionStart();
00246             }
00247 
00248             //special handling for new ZP cluster session, as in that case session_start() regenerates id
00249             if ( $this->_sId != session_id() ) {
00250                 $this->_setSessionId( session_id() );
00251             }
00252 
00253             //checking for swapped client
00254             $blSwapped = $this->_isSwappedClient();
00255             if ( !self::$_blIsNewSession && $blSwapped ) {
00256                 $this->initNewSession();
00257 
00258                 // passing notification about session problems
00259                 if ( $this->_sErrorMsg && $myConfig->getConfigParam( 'iDebug' ) ) {
00260                     oxUtilsView::getInstance()->addErrorToDisplay( oxNew( "oxException", $this->_sErrorMsg ) );
00261                 }
00262             } elseif ( !$blSwapped ) {
00263                 // transferring cookies between hosts
00264                 oxUtilsServer::getInstance()->loadSessionCookies();
00265             }
00266         }
00267     }
00268 
00274     public function getRequestChallengeToken()
00275     {
00276         return preg_replace('/[^a-z0-9]/i', '', oxConfig::getParameter('stoken'));
00277     }
00278 
00284     public function getSessionChallengeToken()
00285     {
00286         $sRet = preg_replace('/[^a-z0-9]/i', '', self::getVar('sess_stoken'));
00287         if (!$sRet) {
00288             $this->_initNewSessionChallenge();
00289             $sRet = self::getVar('sess_stoken');
00290         }
00291         return $sRet;
00292     }
00293 
00300     public function checkSessionChallenge()
00301     {
00302         $sToken = $this->getSessionChallengeToken();
00303         return $sToken && ($sToken == $this->getRequestChallengeToken());
00304     }
00305 
00311     protected function _initNewSessionChallenge()
00312     {
00313         self::setVar('sess_stoken', sprintf('%X', crc32(oxUtilsObject::getInstance()->generateUID())));
00314     }
00315 
00321     protected function _sessionStart()
00322     {
00323         //enforcing no caching when session is started
00324         session_cache_limiter( 'nocache' );
00325 
00326         //cache limiter workaround for AOL browsers
00327         //as suggested at http://ilia.ws/archives/59-AOL-Browser-Woes.html
00328         if ( isset( $_SERVER['HTTP_USER_AGENT'] ) &&
00329              strpos( $_SERVER['HTTP_USER_AGENT'], 'AOL' ) !== false ) {
00330 
00331             session_cache_limiter(false);
00332             header("Cache-Control: no-store, private, must-revalidate, proxy-revalidate, post-check=0, pre-check=0, max-age=0, s-maxage=0");
00333         }
00334 
00335         $this->_blStarted = @session_start();
00336         if ( !$this->getSessionChallengeToken() ) {
00337             $this->_initNewSessionChallenge();
00338         }
00339 
00340         return $this->_blStarted;
00341     }
00342 
00348     public function initNewSession()
00349     {
00350         // starting session only if it was not started yet
00351         if ( self::$_blIsNewSession ) {
00352             $this->_sessionStart();
00353         }
00354 
00355         //saving persistent params if old session exists
00356         $aPersistent = array();
00357         foreach ( $this->_aPersistentParams as $sParam ) {
00358             if ( ( $sValue = self::getVar( $sParam ) ) ) {
00359                 $aPersistent[$sParam] = $sValue;
00360             }
00361         }
00362 
00363         $this->_setSessionId( $this->_getNewSessionId() );
00364 
00365         //restoring persistent params to session
00366         foreach ( $aPersistent as $sKey => $sParam ) {
00367             self::setVar( $sKey, $aPersistent[$sKey] );
00368         }
00369 
00370         $this->_initNewSessionChallenge();
00371 
00372         // (re)setting actual user agent when initiating new session
00373         self::setVar( "sessionagent", oxUtilsServer::getInstance()->getServerVar( 'HTTP_USER_AGENT' ) );
00374     }
00375 
00381     public function regenerateSessionId()
00382     {
00383         // starting session only if it was not started yet
00384         if ( self::$_blIsNewSession ) {
00385             $this->_sessionStart();
00386 
00387             // (re)setting actual user agent when initiating new session
00388             self::setVar( "sessionagent", oxUtilsServer::getInstance()->getServerVar( 'HTTP_USER_AGENT' ) );
00389         }
00390 
00391         $this->_setSessionId( $this->_getNewSessionId( false ) );
00392         $this->_initNewSessionChallenge();
00393     }
00394 
00403     protected function _getNewSessionId( $blUnset = true )
00404     {
00405         $sOldId = session_id();
00406         session_regenerate_id( ! oxConfig::getInstance()->getConfigParam( 'blAdodbSessionHandler' ) );
00407         $sNewId = session_id();
00408 
00409         if ( $blUnset ) {
00410             session_unset();
00411         }
00412 
00413         if ( oxConfig::getInstance()->getConfigParam( 'blAdodbSessionHandler' ) ) {
00414             $oDB = oxDb::getDb();
00415             $oDB->execute("UPDATE oxsessions SET SessionID = ".$oDB->quote( $sNewId )." WHERE SessionID = ".$oDB->quote( $sOldId ) );
00416         }
00417 
00418         return session_id();
00419     }
00420 
00426     public function freeze()
00427     {
00428         // storing basket ..
00429         self::setVar( $this->_getBasketName(), serialize( $this->getBasket() ) );
00430 
00431         session_write_close();
00432     }
00433 
00439     public function destroy()
00440     {
00441         //session_unset();
00442         unset($_SESSION);
00443         session_destroy();
00444     }
00445 
00453     public static function hasVar( $name )
00454     {
00455         if ( defined( 'OXID_PHP_UNIT' ) ) {
00456             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00457                 try{
00458                     $sVal = modSession::getInstance()->getVar( $name );
00459                     return isset( $sVal );
00460                 } catch( Exception $e ) {
00461                     // if exception is thrown, use default
00462                 }
00463             }
00464         }
00465 
00466         return isset($_SESSION[$name]);
00467     }
00468 
00477     public static function setVar( $name, $value)
00478     {
00479         if ( defined( 'OXID_PHP_UNIT' ) ) {
00480             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00481                 try{
00482                     return modSession::getInstance()->setVar(  $name, $value );
00483                 } catch( Exception $e ) {
00484                     // if exception is thrown, use default
00485                 }
00486             }
00487         }
00488 
00489         $_SESSION[$name] = $value;
00490         //logger( "set sessionvar : $name -> $value");
00491     }
00492 
00500     public static function getVar( $name )
00501     {
00502         if ( defined( 'OXID_PHP_UNIT' ) ) {
00503             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00504                 try{
00505                     return modSession::getInstance()->getVar( $name );
00506                 } catch( Exception $e ) {
00507                     // if exception is thrown, use default
00508                 }
00509             }
00510         }
00511 
00512         if ( isset( $_SESSION[$name] )) {
00513             return $_SESSION[$name];
00514         } else {
00515             return null;
00516         }
00517     }
00518 
00526     public static function deleteVar( $name )
00527     {
00528         if ( defined( 'OXID_PHP_UNIT' ) ) {
00529             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00530                 try{
00531                     return modSession::getInstance()->setVar( $name, null );
00532                 } catch( Exception $e ) {
00533                     // if exception is thrown, use default
00534                 }
00535             }
00536         }
00537 
00538         $_SESSION[$name] = null;
00539         //logger( "delete sessionvar : $name");
00540         unset($_SESSION[$name]);
00541     }
00542 
00552     public function sid( $blForceSid = false )
00553     {
00554         $myConfig     = $this->getConfig();
00555         $blUseCookies = $this->_getSessionUseCookies();
00556         $sRet         = '';
00557 
00558         $blDisableSid = oxUtils::getInstance()->isSearchEngine()
00559                         && is_array($myConfig->getConfigParam( 'aCacheViews' ) )
00560                         && !$this->isAdmin();
00561 
00562         //no cookie?
00563         if ( !$blDisableSid && $this->getId() && ($blForceSid || !$blUseCookies || !$this->_getCookieSid())) {
00564             $sRet = ( $blForceSid ? $this->getForcedName() : $this->getName() )."=".$this->getId();
00565         }
00566 
00567         if ($this->isAdmin()) {
00568             // admin mode always has to have token
00569             if ($sRet) {
00570                 $sRet .= '&amp;';
00571             }
00572             $sRet .= 'stoken='.$this->getSessionChallengeToken();
00573         }
00574 
00575         return $sRet;
00576     }
00577 
00583     public function hiddenSid()
00584     {
00585         $sToken = "<input type=\"hidden\" name=\"stoken\" value=\"".$this->getSessionChallengeToken(). "\">";
00586         $sSid   = "<input type=\"hidden\" name=\"".$this->getForcedName()."\" value=\"". $this->getId() . "\">";
00587         return $sToken.$sSid;
00588     }
00589 
00595     public function getBasket()
00596     {
00597         if ( $this->_oBasket === null ) {
00598             $sBasket = self::getVar( $this->_getBasketName() );
00599 
00600             //init oxbasketitem class first
00601             //#1746
00602             oxNew('oxbasketitem');
00603 
00604             $oBasket = ( $sBasket && ( $oBasket = unserialize( $sBasket ) ) ) ? $oBasket : oxNew( 'oxbasket' );
00605             $this->setBasket( $oBasket );
00606         }
00607 
00608         return $this->_oBasket;
00609     }
00610 
00618     public function setBasket( $oBasket )
00619     {
00620         // sets basket session object
00621         $this->_oBasket = $oBasket;
00622     }
00623 
00629     public function delBasket()
00630     {
00631         $this->setBasket( null );
00632         self::deleteVar( $this->_getBasketName());
00633     }
00634 
00640     public function isNewSession()
00641     {
00642         return self::$_blIsNewSession;
00643     }
00644 
00651     public function setForceNewSession()
00652     {
00653         $this->_blForceNewSession = true;
00654     }
00655 
00663     public function isSidNeeded( $sUrl = null )
00664     {
00665         if ( $this->_getSessionUseCookies() && $this->_getCookieSid() ) {
00666             // switching from ssl to non ssl or vice versa?
00667             if ( ( strpos( $sUrl, "https:" ) === 0 && !$this->getConfig()->isSsl() ) ||
00668                  ( strpos( $sUrl, "http:" ) === 0 && $this->getConfig()->isSsl() ) ) {
00669                 return true;
00670             }
00671         }
00672 
00673         if ( $sUrl && !$this->getConfig()->isCurrentUrl( $sUrl ) ) {
00674             return true;
00675         } elseif ( $this->_blSidNeeded === null ) {
00676             // setting initial state
00677             $this->_blSidNeeded = false;
00678 
00679             // no SIDs for seach engines
00680             if ( !oxUtils::getInstance()->isSearchEngine() ) {
00681                 // cookie found - SID is not needed
00682                 if ( oxUtilsServer::getInstance()->getOxCookie( $this->getName() ) ) {
00683                     $this->_blSidNeeded = false;
00684                 } elseif ( $this->_forceSessionStart() ) {
00685                     $this->_blSidNeeded = true;
00686                 } else {
00687                     // no cookie, so must check session
00688                     if ( $blSidNeeded = self::getVar( 'blSidNeeded' ) ) {
00689                         $this->_blSidNeeded = true;
00690                     } elseif ( $this->_isSessionRequiredAction() ) {
00691                         $this->_blSidNeeded = true;
00692 
00693                         // storing to session, performance..
00694                         self::setVar( 'blSidNeeded', $this->_blSidNeeded  );
00695                     }
00696                 }
00697             }
00698         }
00699 
00700         return $this->_blSidNeeded;
00701     }
00702 
00714     public function processUrl( $sUrl )
00715     {
00716         $sSid = $this->sid( $this->isSidNeeded( $sUrl ) );
00717         if ($sSid) {
00718             $oStr = getStr();
00719             $aUrlParts = explode( '#', $sUrl );
00720             if ( !$oStr->preg_match('/(\?|&(amp;)?)sid=/i', $aUrlParts[0]) && (false === $oStr->strpos($aUrlParts[0], $sSid))) {
00721                 if (!$oStr->preg_match('/(\?|&(amp;)?)$/', $sUrl)) {
00722                     $aUrlParts[0] .= ( $oStr->strstr( $aUrlParts[0], '?' ) !== false ?  '&amp;' : '?' );
00723                 }
00724                 $aUrlParts[0] .= $sSid . '&amp;';
00725             }
00726             $sUrl = join( '#', $aUrlParts );
00727         }
00728         return $sUrl;
00729     }
00730 
00740     public function getRemoteAccessToken($blGenerateNew = true)
00741     {
00742         $sToken = $this->getVar('_rtoken');
00743         if (!$sToken && $blGenerateNew) {
00744             $sToken = md5(rand() . $this->getId());
00745             $sToken = substr($sToken, 0, 8);
00746             self::setVar('_rtoken', $sToken);
00747         }
00748 
00749         return $sToken;
00750     }
00751 
00758     protected function _forceSessionStart()
00759     {
00760         return ( !oxUtils::getInstance()->isSearchEngine() ) && ( (( bool ) $this->getConfig()->getConfigParam( 'blForceSessionStart' )) || oxConfig::getParameter( "su" ) || $this->_blForceNewSession );
00761     }
00762 
00768     protected function _allowSessionStart()
00769     {
00770         $blAllowSessionStart = true;
00771         $myConfig = oxConfig::getInstance();
00772 
00773         // special handling only in non-admin mode
00774         if ( !$this->isAdmin() ) {
00775             if ( oxUtils::getInstance()->isSearchEngine() || oxConfig::getParameter( 'skipSession' ) ) {
00776                 $blAllowSessionStart = false;
00777             } elseif (oxUtilsServer::getInstance()->getOxCookie( 'oxid_'.$myConfig->getShopId().'_autologin' ) === '1') {
00778                 $blAllowSessionStart = true;
00779             } elseif ( !$this->_forceSessionStart() && !oxUtilsServer::getInstance()->getOxCookie( 'sid_key' ) ) {
00780 
00781                 // session is not needed to start when it is not necessary:
00782                 // - no sid in request and also user executes no session connected action
00783                 // - no cookie set and user executes no session connected action
00784                 if ( !oxUtilsServer::getInstance()->getOxCookie( $this->getName() ) &&
00785                      !( oxConfig::getParameter( $this->getName() ) || oxConfig::getParameter( $this->getForcedName() ) ) &&
00786                      !$this->_isSessionRequiredAction() ) {
00787                     $blAllowSessionStart = false;
00788                 }
00789             }
00790         }
00791 
00792         return $blAllowSessionStart;
00793     }
00794 
00802     protected function _isSwappedClient()
00803     {
00804         $blSwapped = false;
00805         $myUtilsServer = oxUtilsServer::getInstance();
00806 
00807         // check only for non search engines
00808         if ( !oxUtils::getInstance()->isSearchEngine() && !$myUtilsServer->isTrustedClientIp() && !$this->_isValidRemoteAccessToken()) {
00809 
00810             $myConfig = $this->getConfig();
00811 
00812             // checking if session user agent matches actual
00813             $blSwapped = $this->_checkUserAgent( $myUtilsServer->getServerVar( 'HTTP_USER_AGENT' ), self::getVar( 'sessionagent' ) );
00814             if ( !$blSwapped ) {
00815                 if ( $myConfig->getConfigParam( 'blAdodbSessionHandler' ) ) {
00816                     $blSwapped = $this->_checkSid();
00817                 }
00818 
00819                 if ( !$blSwapped ) {
00820                     $blDisableCookieCheck = $myConfig->getConfigParam( 'blDisableCookieCheck' );
00821                     $blUseCookies         = $this->_getSessionUseCookies();
00822                     if ( !$blDisableCookieCheck && $blUseCookies ) {
00823                         $blSwapped = $this->_checkCookies( $myUtilsServer->getOxCookie( 'sid_key' ), self::getVar( "sessioncookieisset" ) );
00824                     }
00825                 }
00826             }
00827         }
00828 
00829         return $blSwapped;
00830     }
00831 
00840     protected function _checkUserAgent( $sAgent, $sExistingAgent )
00841     {
00842         $blCheck = false;
00843 
00844         // processing
00845         $oUtils = oxUtilsServer::getInstance();
00846         $sAgent = $oUtils->processUserAgentInfo( $sAgent );
00847         $sExistingAgent = $oUtils->processUserAgentInfo( $sExistingAgent );
00848 
00849         if ( $sAgent && $sAgent !== $sExistingAgent ) {
00850             if ( $sExistingAgent ) {
00851                 $this->_sErrorMsg = "Different browser ({$sExistingAgent}, {$sAgent}), creating new SID...<br>";
00852             }
00853             $blCheck = true;
00854         }
00855 
00856         return $blCheck;
00857     }
00858 
00864     protected function _checkSid()
00865     {
00866         $oDb = oxDb::getDb();
00867         //matze changed sesskey to SessionID because structure of oxsession changed!!
00868         $sSID = $oDb->GetOne("select SessionID from oxsessions where SessionID = ".$oDb->quote( $this->getId() ));
00869 
00870         //2007-05-14
00871         //we check _blNewSession as well as this may be actually new session not written to db yet
00872         if ( !$this->_blNewSession && (!isset( $sSID) || !$sSID)) {
00873             // this means, that this session has expired in the past and someone uses this sid to reactivate it
00874             $this->_sErrorMsg = "Session has expired in the past and someone uses this sid to reactivate it, creating new SID...<br>";
00875             return true;
00876         }
00877         return false;
00878     }
00879 
00889     protected function _checkCookies( $sCookieSid, $aSessCookieSetOnce )
00890     {
00891         $blSwapped = false;
00892         $myConfig  = $this->getConfig();
00893         $sCurrUrl  = $myConfig->isSsl() ? $myConfig->getSslShopUrl( 0 ) : $myConfig->getShopUrl( 0 );
00894 
00895         $blSessCookieSetOnce = false;
00896         if ( isset( $aSessCookieSetOnce[$sCurrUrl] ) ) {
00897             $blSessCookieSetOnce = $aSessCookieSetOnce[$sCurrUrl];
00898         }
00899 
00900         //if cookie was there once but now is gone it means we have to reset
00901         if ( $blSessCookieSetOnce && !$sCookieSid ) {
00902             if ( $myConfig->getConfigParam( 'iDebug' ) ) {
00903                 $this->_sErrorMsg  = "Cookie not found, creating new SID...<br>";
00904                 $this->_sErrorMsg .= "Cookie: $sCookieSid<br>";
00905                 $this->_sErrorMsg .= "Session: $blSessCookieSetOnce<br>";
00906                 $this->_sErrorMsg .= "URL: ".$sCurrUrl."<br>";
00907             }
00908             $blSwapped = true;
00909         }
00910 
00911         //if we detect the cookie then set session var for possible later use
00912         if ( $sCookieSid == "oxid" && !$blSessCookieSetOnce ) {
00913             $aSessCookieSetOnce[$sCurrUrl] = "ox_true";
00914             self::setVar( "sessioncookieisset", $aSessCookieSetOnce );
00915         }
00916 
00917         //if we have no cookie then try to set it
00918         if ( !$sCookieSid ) {
00919             oxUtilsServer::getInstance()->setOxCookie( 'sid_key', 'oxid' );
00920         }
00921         return $blSwapped;
00922     }
00923 
00931     protected function _setSessionId($sSessId)
00932     {
00933         //marking this session as new one, as it might be not writen to db yet
00934         if ( $sSessId && session_id() != $sSessId ) {
00935             $this->_blNewSession = true;
00936         }
00937 
00938         session_id( $sSessId );
00939 
00940         $this->setId( $sSessId );
00941 
00942         $blUseCookies = $this->_getSessionUseCookies();
00943 
00944         if ( !$this->_allowSessionStart() ) {
00945             if ( $blUseCookies ) {
00946                 oxUtilsServer::getInstance()->setOxCookie( $this->getName(), null );
00947             }
00948             return;
00949         }
00950 
00951         if ( $blUseCookies ) {
00952             //setting session cookie
00953             oxUtilsServer::getInstance()->setOxCookie( $this->getName(), $sSessId );
00954         }
00955     }
00956 
00962     protected function _getBasketName()
00963     {
00964         $myConfig = $this->getConfig();
00965         if ( $myConfig->getConfigParam( 'blMallSharedBasket' ) == 0 ) {
00966             return $myConfig->getShopId()."_basket";
00967         }
00968         return "basket";
00969     }
00970 
00976     protected function _getCookieSid()
00977     {
00978         return oxUtilsServer::getInstance()->getOxCookie($this->getName());
00979     }
00980 
00987     protected function _getRequireSessionWithParams()
00988     {
00989         $aCfgArray = $this->getConfig()->getConfigParam('aRequireSessionWithParams');
00990         if (is_array($aCfgArray)) {
00991             $aDefault = $this->_aRequireSessionWithParams;
00992             foreach ($aCfgArray as $key => $val) {
00993                 if (!is_array($val) && $val) {
00994                     unset($aDefault[$key]);
00995                 }
00996             }
00997             return array_merge_recursive($aCfgArray, $aDefault);
00998         }
00999         return $this->_aRequireSessionWithParams;
01000     }
01001 
01007     protected function _isSessionRequiredAction()
01008     {
01009         foreach ($this->_getRequireSessionWithParams() as $sParam => $aValues) {
01010             $sValue = oxConfig::getParameter( $sParam );
01011             if (isset($sValue)) {
01012                 if (is_array($aValues)) {
01013                     if (isset($aValues[$sValue]) && $aValues[$sValue]) {
01014                         return true;
01015                     }
01016                 } elseif ($aValues) {
01017                     return true;
01018                 }
01019             }
01020         }
01021 
01022         return ( isset( $_SERVER['REQUEST_METHOD'] ) && $_SERVER['REQUEST_METHOD'] == 'POST');
01023     }
01024 
01030     protected function _getSessionUseCookies()
01031     {
01032         return $this->isAdmin() || $this->getConfig()->getConfigParam( 'blSessionUseCookies');
01033     }
01034 
01040     protected function _isValidRemoteAccessToken()
01041     {
01042         $sInputToken = oxConfig::getParameter('rtoken');
01043         $sToken = $this->getRemoteAccessToken(false);
01044         $blTokenEqual = !(bool)strcmp($sInputToken, $sToken);
01045         $blValid = $sInputToken && $blTokenEqual;
01046 
01047         return $blValid;
01048     }
01049 
01055     public function getBasketReservations()
01056     {
01057         if (!$this->_oBasketReservations) {
01058             $this->_oBasketReservations = oxNew('oxBasketReservation');
01059         }
01060         return $this->_oBasketReservations;
01061     }
01062 
01068     public function isHeaderSent()
01069     {
01070         return headers_sent();
01071     }
01072 
01078     public function isSessionStarted()
01079     {
01080         return $this->_blStarted;
01081     }
01082 }