oxsession.php

Go to the documentation of this file.
00001 <?php
00002 
00003 DEFINE('_DB_SESSION_HANDLER', getShopBasePath() . 'core/adodblite/session/adodb-session.php');
00004 
00010 class oxSession extends oxSuperCfg
00011 {
00017     protected $_sName = 'sid';
00018 
00024     protected $_sForcedPrefix = 'force_';
00025 
00030     protected  $_sId     = null;
00031 
00037     protected static $_blIsNewSession = false;
00038 
00042     protected static $_instance = null;
00043 
00048     protected static  $_oUser = null;
00049 
00056     protected $_blNewSession = false;
00057 
00063     protected $_blForceNewSession = false;
00064 
00070     protected $_sErrorMsg = null;
00071 
00077     protected $_oBasket = null;
00078 
00084     protected $_oBasketReservations = null;
00085 
00091     protected $_blStarted = false;
00092 
00101     protected $_aRequireSessionWithParams = array(
00102                        'cl' => array (
00103                             'register' => true,
00104                             'account'  => true,
00105                            ),
00106                        'fnc' => array (
00107                            'tobasket'         => true,
00108                            'login_noredirect' => true,
00109                            'tocomparelist'    => true,
00110                            ),
00111                        '_artperpage' => true,
00112                        'ldtype'      => true,
00113                        'listorderby' => true,
00114     );
00115 
00121     protected $_blSidNeeded = null;
00122 
00128     protected $_aPersistentParams = array("actshop", "lang", "currency", "language", "tpllanguage");
00129 
00137     public static function getInstance()
00138     {
00139         return oxRegistry::getSession();
00140     }
00141 
00147     public function getId()
00148     {
00149         return $this->_sId;
00150     }
00151 
00159     public function setId($sVal)
00160     {
00161         $this->_sId = $sVal;
00162     }
00163 
00171     public function setName($sVal)
00172     {
00173         $this->_sName = $sVal;
00174     }
00175 
00181     public function getForcedName()
00182     {
00183         return $this->_sForcedPrefix . $this->getName();
00184     }
00185 
00191     public function getName()
00192     {
00193         return $this->_sName;
00194     }
00195 
00201     public function start()
00202     {
00203         $myConfig = $this->getConfig();
00204         $sid = null;
00205 
00206         if ( $this->isAdmin() ) {
00207             $this->setName("admin_sid");
00208         } else {
00209             $this->setName("sid");
00210         }
00211 
00212         $sForceSidParam = $myConfig->getRequestParameter( $this->getForcedName() );
00213         $sSidParam = $myConfig->getRequestParameter( $this->getName() );
00214 
00215         //forcing sid for SSL<->nonSSL transitions
00216         if ($sForceSidParam) {
00217             $sid = $sForceSidParam;
00218         } elseif ($this->_getSessionUseCookies() && $this->_getCookieSid()) {
00219             $sid = $this->_getCookieSid();
00220         } elseif ($sSidParam) {
00221             $sid = $sSidParam;
00222         }
00223 
00224         //starting session if only we can
00225         if ( $this->_allowSessionStart() ) {
00226 
00227             //creating new sid
00228             if ( !$sid ) {
00229                 self::$_blIsNewSession = true;
00230                 $this->initNewSession();
00231             } else {
00232                 self::$_blIsNewSession = false;
00233                 $this->_setSessionId( $sid );
00234                 $this->_sessionStart();
00235             }
00236 
00237             //special handling for new ZP cluster session, as in that case session_start() regenerates id
00238             if ( $this->_sId != session_id() ) {
00239                 $this->_setSessionId( session_id() );
00240             }
00241 
00242             //checking for swapped client
00243             $blSwapped = $this->_isSwappedClient();
00244             if ( !self::$_blIsNewSession && $blSwapped ) {
00245                 $this->initNewSession();
00246 
00247                 // passing notification about session problems
00248                 if ( $this->_sErrorMsg && $myConfig->getConfigParam( 'iDebug' ) ) {
00249                     oxRegistry::get("oxUtilsView")->addErrorToDisplay( oxNew( "oxException", $this->_sErrorMsg ) );
00250                 }
00251             } elseif ( !$blSwapped ) {
00252                 // transferring cookies between hosts
00253                 oxRegistry::get("oxUtilsServer")->loadSessionCookies();
00254             }
00255         }
00256     }
00257 
00263     public function getRequestChallengeToken()
00264     {
00265         return preg_replace('/[^a-z0-9]/i', '', $this->getConfig()->getRequestParameter( 'stoken') );
00266     }
00267 
00273     public function getSessionChallengeToken()
00274     {
00275         $sRet = preg_replace('/[^a-z0-9]/i', '', $this->getVariable( 'sess_stoken' ) );
00276         if (!$sRet) {
00277             $this->_initNewSessionChallenge();
00278             $sRet = $this->getVariable( 'sess_stoken' );
00279         }
00280         return $sRet;
00281     }
00282 
00289     public function checkSessionChallenge()
00290     {
00291         $sToken = $this->getSessionChallengeToken();
00292         return $sToken && ($sToken == $this->getRequestChallengeToken());
00293     }
00294 
00300     protected function _initNewSessionChallenge()
00301     {
00302         $this->setVariable('sess_stoken', sprintf('%X', crc32(oxUtilsObject::getInstance()->generateUID())));
00303     }
00304 
00310     protected function _sessionStart()
00311     {
00312         $blSetNoCache = true;
00313         if ( $blSetNoCache ) {
00314             //enforcing no caching when session is started
00315             session_cache_limiter( 'nocache' );
00316 
00317             //cache limiter workaround for AOL browsers
00318             //as suggested at http://ilia.ws/archives/59-AOL-Browser-Woes.html
00319             if ( isset( $_SERVER['HTTP_USER_AGENT'] ) &&
00320                  strpos( $_SERVER['HTTP_USER_AGENT'], 'AOL' ) !== false ) {
00321 
00322                 session_cache_limiter(false);
00323                 header("Cache-Control: no-store, private, must-revalidate, proxy-revalidate, post-check=0, pre-check=0, max-age=0, s-maxage=0");
00324             }
00325         }
00326 
00327         // Including database session managing class if needed.
00328         if (oxRegistry::getConfig()->getConfigParam( 'blAdodbSessionHandler' ) ) {
00329             $oDB = oxDb::getDb();
00330             include_once _DB_SESSION_HANDLER;
00331         }
00332 
00333         $this->_blStarted = @session_start();
00334         if ( !$this->getSessionChallengeToken() ) {
00335             $this->_initNewSessionChallenge();
00336         }
00337 
00338         return $this->_blStarted;
00339     }
00340 
00346     public function initNewSession()
00347     {
00348         // starting session only if it was not started yet
00349         if ( self::$_blIsNewSession ) {
00350             $this->_sessionStart();
00351         }
00352 
00353         //saving persistent params if old session exists
00354         $aPersistent = array();
00355         foreach ( $this->_aPersistentParams as $sParam ) {
00356             if ( ( $sValue = $this->getVariable( $sParam ) ) ) {
00357                 $aPersistent[$sParam] = $sValue;
00358             }
00359         }
00360 
00361         $this->_setSessionId( $this->_getNewSessionId() );
00362 
00363         //restoring persistent params to session
00364         foreach ( $aPersistent as $sKey => $sParam ) {
00365             $this->setVariable( $sKey, $aPersistent[$sKey] );
00366         }
00367 
00368         $this->_initNewSessionChallenge();
00369 
00370         // (re)setting actual user agent when initiating new session
00371         $this->setVariable( "sessionagent", oxRegistry::get("oxUtilsServer")->getServerVar( 'HTTP_USER_AGENT' ) );
00372     }
00373 
00379     public function regenerateSessionId()
00380     {
00381         // starting session only if it was not started yet
00382         if ( self::$_blIsNewSession ) {
00383             $this->_sessionStart();
00384 
00385             // (re)setting actual user agent when initiating new session
00386             $this->setVariable( "sessionagent", oxRegistry::get("oxUtilsServer")->getServerVar( 'HTTP_USER_AGENT' ) );
00387         }
00388 
00389         $this->_setSessionId( $this->_getNewSessionId( false ) );
00390         $this->_initNewSessionChallenge();
00391     }
00392 
00401     protected function _getNewSessionId( $blUnset = true )
00402     {
00403         $sOldId = session_id();
00404         @session_regenerate_id( ! oxRegistry::getConfig()->getConfigParam( 'blAdodbSessionHandler' ) );
00405         $sNewId = session_id();
00406 
00407         if ( $blUnset ) {
00408             session_unset();
00409         }
00410 
00411         if ( oxRegistry::getConfig()->getConfigParam( 'blAdodbSessionHandler' ) ) {
00412             $oDB = oxDb::getDb();
00413             $oDB->execute("UPDATE oxsessions SET SessionID = ".$oDB->quote( $sNewId )." WHERE SessionID = ".$oDB->quote( $sOldId ) );
00414         }
00415 
00416         return session_id();
00417     }
00418 
00424     public function freeze()
00425     {
00426         // storing basket ..
00427         $this->setVariable( $this->_getBasketName(), serialize( $this->getBasket() ) );
00428 
00429         session_write_close();
00430     }
00431 
00437     public function destroy()
00438     {
00439         //session_unset();
00440         unset($_SESSION);
00441         session_destroy();
00442     }
00443 
00453     public static function hasVar( $name )
00454     {
00455         return oxRegistry::getSession()->hasVariable( $name );
00456     }
00457 
00465     public function hasVariable( $name )
00466     {
00467         if ( defined( 'OXID_PHP_UNIT' ) ) {
00468             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00469                 try {
00470                     $sVal = modSession::getInstance()->getVar( $name );
00471                     return isset( $sVal );
00472                 } catch( Exception $e ) {
00473                     // if exception is thrown, use default
00474                 }
00475             }
00476         }
00477 
00478         return isset( $_SESSION[$name] );
00479     }
00480 
00491     public static function setVar( $name, $value )
00492     {
00493 
00494         return oxRegistry::getSession()->setVariable( $name, $value );
00495     }
00496 
00505     public function setVariable( $name, $value )
00506     {
00507         if ( defined( 'OXID_PHP_UNIT' ) ) {
00508             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00509                 try{
00510                     return modSession::getInstance()->setVar( $name, $value );
00511                 } catch( Exception $e ) {
00512                     // if exception is thrown, use default
00513                 }
00514             }
00515         }
00516 
00517         $_SESSION[$name] = $value;
00518         //logger( "set sessionvar : $name -> $value");
00519     }
00520 
00530     public static function getVar( $name )
00531     {
00532         return oxRegistry::getSession()->getVariable( $name );
00533     }
00534 
00542     public function getVariable( $name )
00543     {
00544         if ( defined( 'OXID_PHP_UNIT' ) ) {
00545             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00546                 try{
00547                     return modSession::getInstance()->getVar( $name );
00548                 } catch( Exception $e ) {
00549                     // if exception is thrown, use default
00550                 }
00551             }
00552         }
00553 
00554         if ( isset( $_SESSION[$name] )) {
00555             return $_SESSION[$name];
00556         } else {
00557             return null;
00558         }
00559     }
00560 
00570     public static function deleteVar( $name )
00571     {
00572         oxRegistry::getSession()->deleteVariable( $name );
00573     }
00574 
00582     public function deleteVariable( $name )
00583     {
00584         if ( defined( 'OXID_PHP_UNIT' ) ) {
00585             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00586                 try{
00587                     return modSession::getInstance()->setVar( $name, null );
00588                 } catch( Exception $e ) {
00589                     // if exception is thrown, use default
00590                 }
00591             }
00592         }
00593 
00594         $_SESSION[$name] = null;
00595         //logger( "delete sessionvar : $name");
00596         unset( $_SESSION[$name] );
00597     }
00598 
00608     public function sid( $blForceSid = false )
00609     {
00610         $myConfig     = $this->getConfig();
00611         $blUseCookies = $this->_getSessionUseCookies();
00612         $sRet         = '';
00613 
00614         $blDisableSid = oxRegistry::getUtils()->isSearchEngine()
00615                         && is_array($myConfig->getConfigParam( 'aCacheViews' ) )
00616                         && !$this->isAdmin();
00617 
00618         //no cookie?
00619         if (!$blDisableSid && $this->getId() && ( $blForceSid || !$blUseCookies || !$this->_getCookieSid())) {
00620             $sRet = ( $blForceSid ? $this->getForcedName() : $this->getName() )."=".$this->getId();
00621         }
00622 
00623         if ($this->isAdmin()) {
00624             // admin mode always has to have token
00625             if ($sRet) {
00626                 $sRet .= '&amp;';
00627             }
00628             $sRet .= 'stoken='.$this->getSessionChallengeToken();
00629         }
00630 
00631         return $sRet;
00632     }
00633 
00639     public function hiddenSid()
00640     {
00641         $sSid = $sToken = '';
00642         if ($this->isSidNeeded()) {
00643              $sSid   = "<input type=\"hidden\" name=\"".$this->getForcedName()."\" value=\"". $this->getId() . "\" />";
00644         }
00645         if ($this->getId()) {
00646             $sToken = "<input type=\"hidden\" name=\"stoken\" value=\"".$this->getSessionChallengeToken(). "\" />";
00647         }
00648         return $sToken.$sSid;
00649     }
00650 
00656     public function getBasket()
00657     {
00658         if ( $this->_oBasket === null ) {
00659             $sBasket = $this->getVariable( $this->_getBasketName() );
00660 
00661             //init oxbasketitem class first
00662             //#1746
00663             oxNew('oxbasketitem');
00664 
00665             // init oxbasket through oxNew and not oxAutoload, Mantis-Bug #0004262
00666             $oEmptyBasket = oxNew('oxbasket');
00667             
00668             $oBasket = ( $sBasket && ( $oBasket = unserialize( $sBasket ) ) ) ? $oBasket : null;
00669 
00670             if ( !$oBasket || ( get_class($oBasket) !== get_class($oEmptyBasket) ) ) {
00671                 $oBasket = $oEmptyBasket;
00672             }
00673 
00674             $this->_validateBasket($oBasket);
00675             $this->setBasket( $oBasket );
00676         }
00677 
00678         return $this->_oBasket;
00679     }
00680 
00688     protected function _validateBasket(oxBasket $oBasket)
00689     {
00690         $aCurrContent = $oBasket->getContents();
00691         if (empty($aCurrContent)) {
00692             return;
00693         }
00694 
00695         $iCurrLang = oxRegistry::getLang()->getBaseLanguage();
00696         foreach ($aCurrContent as $oContent) {
00697             if ($oContent->getLanguageId() != $iCurrLang) {
00698                 $oContent->setLanguageId($iCurrLang);
00699             }
00700         }
00701     }
00702 
00710     public function setBasket( $oBasket )
00711     {
00712         // sets basket session object
00713         $this->_oBasket = $oBasket;
00714     }
00715 
00721     public function delBasket()
00722     {
00723         $this->setBasket( null );
00724         $this->deleteVariable( $this->_getBasketName());
00725     }
00726 
00732     public function isNewSession()
00733     {
00734         return self::$_blIsNewSession;
00735     }
00736 
00743     public function setForceNewSession()
00744     {
00745         $this->_blForceNewSession = true;
00746     }
00747 
00755     public function isSidNeeded( $sUrl = null )
00756     {
00757         if ($this->isAdmin()) {
00758             return true;
00759         }
00760 
00761         $oConfig = $this->getConfig();
00762 
00763         if ( !$this->_getSessionUseCookies() || ( $sUrl && $this->_getCookieSid() && !$oConfig->isCurrentProtocol($sUrl) ) ) {
00764             // switching from ssl to non ssl or vice versa?
00765             return true;
00766         }
00767 
00768         if ( $sUrl && !$oConfig->isCurrentUrl( $sUrl ) ) {
00769             return true;
00770         } elseif ( $this->_blSidNeeded === null ) {
00771             // setting initial state
00772             $this->_blSidNeeded = false;
00773 
00774             // no SIDs for seach engines
00775             if ( !oxRegistry::getUtils()->isSearchEngine() ) {
00776                 // cookie found - SID is not needed
00777                 if ( oxRegistry::get("oxUtilsServer")->getOxCookie( $this->getName() ) ) {
00778                     $this->_blSidNeeded = false;
00779                 } elseif ( $this->_forceSessionStart() ) {
00780                     $this->_blSidNeeded = true;
00781                 } else {
00782                     // no cookie, so must check session
00783                     if ( $blSidNeeded = $this->getVariable( 'blSidNeeded' ) ) {
00784                         $this->_blSidNeeded = true;
00785                     } elseif ( $this->_isSessionRequiredAction() ) {
00786 
00787                         if (!count($_COOKIE)) {
00788                             $this->_blSidNeeded = true;
00789 
00790                             // storing to session, performance..
00791                             $this->setVariable( 'blSidNeeded', $this->_blSidNeeded  );
00792                         }
00793                     }
00794                 }
00795             }
00796         }
00797 
00798         return $this->_blSidNeeded;
00799     }
00800 
00808     public function isActualSidInCookie()
00809     {
00810         $blReturn = (isset($_COOKIE[$this->getName()]) &&  ($_COOKIE[$this->getName()] == $this->getId()));
00811         return $blReturn;
00812     }
00813 
00825     public function processUrl( $sUrl )
00826     {
00827         $blSid = $this->isSidNeeded( $sUrl );
00828 
00829         if ($blSid) {
00830             $sSid = $this->sid( $blSid );
00831 
00832             if ($sSid) {
00833 
00834                 $oStr = getStr();
00835                 $aUrlParts = explode( '#', $sUrl );
00836                 if ( !$oStr->preg_match('/(\?|&(amp;)?)sid=/i', $aUrlParts[0]) && (false === $oStr->strpos($aUrlParts[0], $sSid))) {
00837                     if (!$oStr->preg_match('/(\?|&(amp;)?)$/', $sUrl)) {
00838                         $aUrlParts[0] .= ( $oStr->strstr( $aUrlParts[0], '?' ) !== false ?  '&amp;' : '?' );
00839                     }
00840                     $aUrlParts[0] .= $sSid . '&amp;';
00841                 }
00842                 $sUrl = join( '#', $aUrlParts );
00843             }
00844         }
00845         return $sUrl;
00846     }
00847 
00857     public function getRemoteAccessToken($blGenerateNew = true)
00858     {
00859         $sToken = $this->getVar('_rtoken');
00860         if (!$sToken && $blGenerateNew) {
00861             $sToken = md5(rand() . $this->getId());
00862             $sToken = substr($sToken, 0, 8);
00863             $this->setVariable( '_rtoken', $sToken );
00864         }
00865 
00866         return $sToken;
00867     }
00868 
00875     protected function _forceSessionStart()
00876     {
00877         return ( !oxRegistry::getUtils()->isSearchEngine() ) && ( (( bool ) $this->getConfig()->getConfigParam( 'blForceSessionStart' )) || $this->getConfig()->getRequestParameter( "su" ) || $this->_blForceNewSession );
00878     }
00879 
00885     protected function _allowSessionStart()
00886     {
00887         $blAllowSessionStart = true;
00888         $myConfig = $this->getConfig();
00889 
00890         // special handling only in non-admin mode
00891         if ( !$this->isAdmin() ) {
00892             if ( oxRegistry::getUtils()->isSearchEngine() || $myConfig->getRequestParameter( 'skipSession' ) ) {
00893                 $blAllowSessionStart = false;
00894             } elseif (oxRegistry::get("oxUtilsServer")->getOxCookie( 'oxid_'.$myConfig->getShopId().'_autologin' ) === '1') {
00895                 $blAllowSessionStart = true;
00896             } elseif ( !$this->_forceSessionStart() && !oxRegistry::get("oxUtilsServer")->getOxCookie( 'sid_key' ) ) {
00897 
00898                 // session is not needed to start when it is not necessary:
00899                 // - no sid in request and also user executes no session connected action
00900                 // - no cookie set and user executes no session connected action
00901                 if ( !oxRegistry::get("oxUtilsServer")->getOxCookie( $this->getName() ) &&
00902                      !( $myConfig->getRequestParameter( $this->getName() ) || $myConfig->getRequestParameter( $this->getForcedName() ) ) &&
00903                      !$this->_isSessionRequiredAction() ) {
00904                     $blAllowSessionStart = false;
00905                 }
00906             }
00907         }
00908 
00909         return $blAllowSessionStart;
00910     }
00911 
00919     protected function _isSwappedClient()
00920     {
00921         $blSwapped = false;
00922         $myUtilsServer = oxRegistry::get("oxUtilsServer");
00923 
00924         // check only for non search engines
00925         if ( !oxRegistry::getUtils()->isSearchEngine() && !$myUtilsServer->isTrustedClientIp() && !$this->_isValidRemoteAccessToken()) {
00926 
00927             $myConfig = $this->getConfig();
00928 
00929             // checking if session user agent matches actual
00930             $blSwapped = $this->_checkUserAgent( $myUtilsServer->getServerVar( 'HTTP_USER_AGENT' ), $this->getVariable( 'sessionagent' ) );
00931             if ( !$blSwapped ) {
00932                 if ( $myConfig->getConfigParam( 'blAdodbSessionHandler' ) ) {
00933                     $blSwapped = $this->_checkSid();
00934                 }
00935 
00936                 if ( !$blSwapped ) {
00937                     $blDisableCookieCheck = $myConfig->getConfigParam( 'blDisableCookieCheck' );
00938                     $blUseCookies         = $this->_getSessionUseCookies();
00939                     if ( !$blDisableCookieCheck && $blUseCookies ) {
00940                         $blSwapped = $this->_checkCookies( $myUtilsServer->getOxCookie( 'sid_key' ), $this->getVariable( "sessioncookieisset" ) );
00941                     }
00942                 }
00943             }
00944         }
00945 
00946         return $blSwapped;
00947     }
00948 
00957     protected function _checkUserAgent( $sAgent, $sExistingAgent )
00958     {
00959         $blCheck = false;
00960 
00961         // processing
00962         $oUtils = oxRegistry::get("oxUtilsServer");
00963         $sAgent = $oUtils->processUserAgentInfo( $sAgent );
00964         $sExistingAgent = $oUtils->processUserAgentInfo( $sExistingAgent );
00965 
00966         if ( $sAgent && $sAgent !== $sExistingAgent ) {
00967             if ( $sExistingAgent ) {
00968                 $this->_sErrorMsg = "Different browser ({$sExistingAgent}, {$sAgent}), creating new SID...<br>";
00969             }
00970             $blCheck = true;
00971         }
00972 
00973         return $blCheck;
00974     }
00975 
00981     protected function _checkSid()
00982     {
00983         $oDb = oxDb::getDb();
00984         //matze changed sesskey to SessionID because structure of oxsession changed!!
00985         $sSID = $oDb->getOne("select SessionID from oxsessions where SessionID = ".$oDb->quote( $this->getId() ));
00986 
00987         //2007-05-14
00988         //we check _blNewSession as well as this may be actually new session not written to db yet
00989         if ( !$this->_blNewSession && (!isset( $sSID) || !$sSID)) {
00990             // this means, that this session has expired in the past and someone uses this sid to reactivate it
00991             $this->_sErrorMsg = "Session has expired in the past and someone uses this sid to reactivate it, creating new SID...<br>";
00992             return true;
00993         }
00994         return false;
00995     }
00996 
01006     protected function _checkCookies( $sCookieSid, $aSessCookieSetOnce )
01007     {
01008         $blSwapped = false;
01009         $myConfig  = $this->getConfig();
01010         $sCurrUrl  = $myConfig->isSsl() ? $myConfig->getSslShopUrl() : $myConfig->getShopUrl();
01011 
01012         $blSessCookieSetOnce = false;
01013         if ( is_array($aSessCookieSetOnce) && isset( $aSessCookieSetOnce[$sCurrUrl] ) ) {
01014             $blSessCookieSetOnce = $aSessCookieSetOnce[$sCurrUrl];
01015         }
01016 
01017         //if cookie was there once but now is gone it means we have to reset
01018         if ( $blSessCookieSetOnce && !$sCookieSid ) {
01019             if ( $myConfig->getConfigParam( 'iDebug' ) ) {
01020                 $this->_sErrorMsg  = "Cookie not found, creating new SID...<br>";
01021                 $this->_sErrorMsg .= "Cookie: $sCookieSid<br>";
01022                 $this->_sErrorMsg .= "Session: $blSessCookieSetOnce<br>";
01023                 $this->_sErrorMsg .= "URL: ".$sCurrUrl."<br>";
01024             }
01025             $blSwapped = true;
01026         }
01027 
01028         //if we detect the cookie then set session var for possible later use
01029         if ( $sCookieSid == "oxid" && !$blSessCookieSetOnce ) {
01030             if (!is_array($aSessCookieSetOnce)) {
01031                 $aSessCookieSetOnce = array();
01032             }
01033 
01034             $aSessCookieSetOnce[$sCurrUrl] = "ox_true";
01035             $this->setVariable( "sessioncookieisset", $aSessCookieSetOnce );
01036         }
01037 
01038         //if we have no cookie then try to set it
01039         if ( !$sCookieSid ) {
01040             oxRegistry::get("oxUtilsServer")->setOxCookie( 'sid_key', 'oxid' );
01041         }
01042         return $blSwapped;
01043     }
01044 
01052     protected function _setSessionId($sSessId)
01053     {
01054         //marking this session as new one, as it might be not writen to db yet
01055         if ( $sSessId && session_id() != $sSessId ) {
01056             $this->_blNewSession = true;
01057         }
01058 
01059         session_id( $sSessId );
01060 
01061         $this->setId( $sSessId );
01062 
01063         $blUseCookies = $this->_getSessionUseCookies();
01064 
01065         if ( !$this->_allowSessionStart() ) {
01066             if ( $blUseCookies ) {
01067                 oxRegistry::get("oxUtilsServer")->setOxCookie( $this->getName(), null );
01068             }
01069             return;
01070         }
01071 
01072         if ( $blUseCookies ) {
01073             //setting session cookie
01074             oxRegistry::get("oxUtilsServer")->setOxCookie( $this->getName(), $sSessId );
01075         }
01076     }
01077 
01083     protected function _getBasketName()
01084     {
01085         $myConfig = $this->getConfig();
01086         if ( $myConfig->getConfigParam( 'blMallSharedBasket' ) == 0 ) {
01087             return $myConfig->getShopId()."_basket";
01088         }
01089         return "basket";
01090     }
01091 
01097     protected function _getCookieSid()
01098     {
01099         return oxRegistry::get("oxUtilsServer")->getOxCookie($this->getName());
01100     }
01101 
01108     protected function _getRequireSessionWithParams()
01109     {
01110         $aCfgArray = $this->getConfig()->getConfigParam('aRequireSessionWithParams');
01111         if (is_array($aCfgArray)) {
01112             $aDefault = $this->_aRequireSessionWithParams;
01113             foreach ($aCfgArray as $key => $val) {
01114                 if (!is_array($val) && $val) {
01115                     unset($aDefault[$key]);
01116                 }
01117             }
01118             return array_merge_recursive($aCfgArray, $aDefault);
01119         }
01120         return $this->_aRequireSessionWithParams;
01121     }
01122 
01128     protected function _isSessionRequiredAction()
01129     {
01130         foreach ($this->_getRequireSessionWithParams() as $sParam => $aValues) {
01131             $sValue = $this->getConfig()->getRequestParameter( $sParam );
01132             if (isset($sValue)) {
01133                 if (is_array($aValues)) {
01134                     if (isset($aValues[$sValue]) && $aValues[$sValue]) {
01135                         return true;
01136                     }
01137                 } elseif ($aValues) {
01138                     return true;
01139                 }
01140             }
01141         }
01142 
01143         return ( isset( $_SERVER['REQUEST_METHOD'] ) && $_SERVER['REQUEST_METHOD'] == 'POST');
01144     }
01145 
01151     protected function _getSessionUseCookies()
01152     {
01153         return $this->isAdmin() || $this->getConfig()->getConfigParam( 'blSessionUseCookies');
01154     }
01155 
01161     protected function _isValidRemoteAccessToken()
01162     {
01163         $sInputToken = $this->getConfig()->getRequestParameter( 'rtoken' );
01164         $sToken = $this->getRemoteAccessToken(false);
01165         $blTokenEqual = !(bool)strcmp($sInputToken, $sToken);
01166         $blValid = $sInputToken && $blTokenEqual;
01167 
01168         return $blValid;
01169     }
01170 
01176     public function getBasketReservations()
01177     {
01178         if (!$this->_oBasketReservations) {
01179             $this->_oBasketReservations = oxNew('oxBasketReservation');
01180         }
01181         return $this->_oBasketReservations;
01182     }
01183 
01189     public function isHeaderSent()
01190     {
01191         return headers_sent();
01192     }
01193 
01199     public function isSessionStarted()
01200     {
01201         return $this->_blStarted;
01202     }
01203 
01204 
01205 }