OXID eShop CE  4.8.12
 All Classes Files Functions Variables Pages
oxsession.php
Go to the documentation of this file.
1 <?php
2 
3 DEFINE('_DB_SESSION_HANDLER', getShopBasePath() . 'core/adodblite/session/adodb-session.php');
4 
10 class oxSession extends oxSuperCfg
11 {
17  protected $_sName = 'sid';
18 
24  protected $_sForcedPrefix = 'force_';
25 
30  protected $_sId = null;
31 
37  protected static $_blIsNewSession = false;
38 
42  protected static $_instance = null;
43 
48  protected static $_oUser = null;
49 
56  protected $_blNewSession = false;
57 
63  protected $_blForceNewSession = false;
64 
70  protected $_sErrorMsg = null;
71 
77  protected $_oBasket = null;
78 
84  protected $_oBasketReservations = null;
85 
91  protected $_blStarted = false;
92 
101  protected $_aRequireSessionWithParams = array(
102  'cl' => array (
103  'register' => true,
104  'account' => true,
105  ),
106  'fnc' => array (
107  'tobasket' => true,
108  'login_noredirect' => true,
109  'tocomparelist' => true,
110  ),
111  '_artperpage' => true,
112  'ldtype' => true,
113  'listorderby' => true,
114  );
115 
121  protected $_blSidNeeded = null;
122 
128  protected $_aPersistentParams = array("actshop", "lang", "currency", "language", "tpllanguage");
129 
137  public static function getInstance()
138  {
139  return oxRegistry::getSession();
140  }
141 
147  public function getId()
148  {
149  return $this->_sId;
150  }
151 
159  public function setId($sVal)
160  {
161  $this->_sId = $sVal;
162  }
163 
171  public function setName($sVal)
172  {
173  $this->_sName = $sVal;
174  }
175 
181  public function getForcedName()
182  {
183  return $this->_sForcedPrefix . $this->getName();
184  }
185 
191  public function getName()
192  {
193  return $this->_sName;
194  }
195 
201  public function start()
202  {
203  $myConfig = $this->getConfig();
204  $sid = null;
205 
206  if ( $this->isAdmin() ) {
207  $this->setName("admin_sid");
208  } else {
209  $this->setName("sid");
210  }
211 
212  $sForceSidParam = $myConfig->getRequestParameter( $this->getForcedName() );
213  $sSidParam = $myConfig->getRequestParameter( $this->getName() );
214 
215  //forcing sid for SSL<->nonSSL transitions
216  if ($sForceSidParam) {
217  $sid = $sForceSidParam;
218  } elseif ($this->_getSessionUseCookies() && $this->_getCookieSid()) {
219  $sid = $this->_getCookieSid();
220  } elseif ($sSidParam) {
221  $sid = $sSidParam;
222  }
223 
224  //starting session if only we can
225  if ( $this->_allowSessionStart() ) {
226 
227  //creating new sid
228  if ( !$sid ) {
229  self::$_blIsNewSession = true;
230  $this->initNewSession();
231  } else {
232  self::$_blIsNewSession = false;
233  $this->_setSessionId( $sid );
234  $this->_sessionStart();
235  }
236 
237  //special handling for new ZP cluster session, as in that case session_start() regenerates id
238  if ( $this->_sId != session_id() ) {
239  $this->_setSessionId( session_id() );
240  }
241 
242  //checking for swapped client
243  $blSwapped = $this->_isSwappedClient();
244  if ( !self::$_blIsNewSession && $blSwapped ) {
245  $this->initNewSession();
246 
247  // passing notification about session problems
248  if ( $this->_sErrorMsg && $myConfig->getConfigParam( 'iDebug' ) ) {
249  oxRegistry::get("oxUtilsView")->addErrorToDisplay( oxNew( "oxException", $this->_sErrorMsg ) );
250  }
251  } elseif ( !$blSwapped ) {
252  // transferring cookies between hosts
253  oxRegistry::get("oxUtilsServer")->loadSessionCookies();
254  }
255  }
256  }
257 
263  public function getRequestChallengeToken()
264  {
265  return preg_replace('/[^a-z0-9]/i', '', $this->getConfig()->getRequestParameter( 'stoken') );
266  }
267 
273  public function getSessionChallengeToken()
274  {
275  $sRet = preg_replace('/[^a-z0-9]/i', '', $this->getVariable( 'sess_stoken' ) );
276  if (!$sRet) {
277  $this->_initNewSessionChallenge();
278  $sRet = $this->getVariable( 'sess_stoken' );
279  }
280  return $sRet;
281  }
282 
289  public function checkSessionChallenge()
290  {
291  $sToken = $this->getSessionChallengeToken();
292  return $sToken && ($sToken == $this->getRequestChallengeToken());
293  }
294 
300  protected function _initNewSessionChallenge()
301  {
302  $this->setVariable('sess_stoken', sprintf('%X', crc32(oxUtilsObject::getInstance()->generateUID())));
303  }
304 
310  protected function _sessionStart()
311  {
312  $blSetNoCache = true;
313  if ( $blSetNoCache ) {
314  //enforcing no caching when session is started
315  session_cache_limiter( 'nocache' );
316 
317  //cache limiter workaround for AOL browsers
318  //as suggested at http://ilia.ws/archives/59-AOL-Browser-Woes.html
319  if ( isset( $_SERVER['HTTP_USER_AGENT'] ) &&
320  strpos( $_SERVER['HTTP_USER_AGENT'], 'AOL' ) !== false ) {
321 
322  session_cache_limiter(false);
323  header("Cache-Control: no-store, private, must-revalidate, proxy-revalidate, post-check=0, pre-check=0, max-age=0, s-maxage=0");
324  }
325  }
326 
327  // Including database session managing class if needed.
328  if (oxRegistry::getConfig()->getConfigParam( 'blAdodbSessionHandler' ) ) {
329  $oDB = oxDb::getDb();
330  include_once _DB_SESSION_HANDLER;
331  }
332 
333  $this->_blStarted = @session_start();
334  if ( !$this->getSessionChallengeToken() ) {
335  $this->_initNewSessionChallenge();
336  }
337 
338  return $this->_blStarted;
339  }
340 
346  public function initNewSession()
347  {
348  // starting session only if it was not started yet
349  if ( self::$_blIsNewSession ) {
350  $this->_sessionStart();
351  }
352 
353  //saving persistent params if old session exists
354  $aPersistent = array();
355  foreach ( $this->_aPersistentParams as $sParam ) {
356  if ( ( $sValue = $this->getVariable( $sParam ) ) ) {
357  $aPersistent[$sParam] = $sValue;
358  }
359  }
360 
361  $this->_setSessionId( $this->_getNewSessionId() );
362 
363  //restoring persistent params to session
364  foreach ( $aPersistent as $sKey => $sParam ) {
365  $this->setVariable( $sKey, $aPersistent[$sKey] );
366  }
367 
368  $this->_initNewSessionChallenge();
369 
370  // (re)setting actual user agent when initiating new session
371  $this->setVariable( "sessionagent", oxRegistry::get("oxUtilsServer")->getServerVar( 'HTTP_USER_AGENT' ) );
372  }
373 
379  public function regenerateSessionId()
380  {
381  // starting session only if it was not started yet
382  if ( self::$_blIsNewSession ) {
383  $this->_sessionStart();
384 
385  // (re)setting actual user agent when initiating new session
386  $this->setVariable( "sessionagent", oxRegistry::get("oxUtilsServer")->getServerVar( 'HTTP_USER_AGENT' ) );
387  }
388 
389  $this->_setSessionId( $this->_getNewSessionId( false ) );
390  $this->_initNewSessionChallenge();
391  }
392 
401  protected function _getNewSessionId( $blUnset = true )
402  {
403  $sOldId = session_id();
404  @session_regenerate_id( ! oxRegistry::getConfig()->getConfigParam( 'blAdodbSessionHandler' ) );
405  $sNewId = session_id();
406 
407  if ( $blUnset ) {
408  session_unset();
409  }
410 
411  if ( oxRegistry::getConfig()->getConfigParam( 'blAdodbSessionHandler' ) ) {
412  $oDB = oxDb::getDb();
413  $oDB->execute("UPDATE oxsessions SET SessionID = ".$oDB->quote( $sNewId )." WHERE SessionID = ".$oDB->quote( $sOldId ) );
414  }
415 
416  return session_id();
417  }
418 
424  public function freeze()
425  {
426  // storing basket ..
427  $this->setVariable( $this->_getBasketName(), serialize( $this->getBasket() ) );
428 
429  session_write_close();
430  }
431 
437  public function destroy()
438  {
439  //session_unset();
440  unset($_SESSION);
441  session_destroy();
442  }
443 
453  public static function hasVar( $name )
454  {
455  return oxRegistry::getSession()->hasVariable( $name );
456  }
457 
465  public function hasVariable( $name )
466  {
467  if ( defined( 'OXID_PHP_UNIT' ) ) {
468  if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
469  try {
470  $sVal = modSession::getInstance()->getVar( $name );
471  return isset( $sVal );
472  } catch( Exception $e ) {
473  // if exception is thrown, use default
474  }
475  }
476  }
477 
478  return isset( $_SESSION[$name] );
479  }
480 
491  public static function setVar( $name, $value )
492  {
493 
494  return oxRegistry::getSession()->setVariable( $name, $value );
495  }
496 
505  public function setVariable( $name, $value )
506  {
507  if ( defined( 'OXID_PHP_UNIT' ) ) {
508  if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
509  try{
510  return modSession::getInstance()->setVar( $name, $value );
511  } catch( Exception $e ) {
512  // if exception is thrown, use default
513  }
514  }
515  }
516 
517  $_SESSION[$name] = $value;
518  //logger( "set sessionvar : $name -> $value");
519  }
520 
530  public static function getVar( $name )
531  {
532  return oxRegistry::getSession()->getVariable( $name );
533  }
534 
542  public function getVariable( $name )
543  {
544  if ( defined( 'OXID_PHP_UNIT' ) ) {
545  if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
546  try{
547  return modSession::getInstance()->getVar( $name );
548  } catch( Exception $e ) {
549  // if exception is thrown, use default
550  }
551  }
552  }
553 
554  if ( isset( $_SESSION[$name] )) {
555  return $_SESSION[$name];
556  } else {
557  return null;
558  }
559  }
560 
570  public static function deleteVar( $name )
571  {
572  oxRegistry::getSession()->deleteVariable( $name );
573  }
574 
582  public function deleteVariable( $name )
583  {
584  if ( defined( 'OXID_PHP_UNIT' ) ) {
585  if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
586  try{
587  return modSession::getInstance()->setVar( $name, null );
588  } catch( Exception $e ) {
589  // if exception is thrown, use default
590  }
591  }
592  }
593 
594  $_SESSION[$name] = null;
595  //logger( "delete sessionvar : $name");
596  unset( $_SESSION[$name] );
597  }
598 
608  public function sid( $blForceSid = false )
609  {
610  $myConfig = $this->getConfig();
611  $blUseCookies = $this->_getSessionUseCookies();
612  $sRet = '';
613 
614  $blDisableSid = oxRegistry::getUtils()->isSearchEngine()
615  && is_array($myConfig->getConfigParam( 'aCacheViews' ) )
616  && !$this->isAdmin();
617 
618  //no cookie?
619  if (!$blDisableSid && $this->getId() && ( $blForceSid || !$blUseCookies || !$this->_getCookieSid())) {
620  $sRet = ( $blForceSid ? $this->getForcedName() : $this->getName() )."=".$this->getId();
621  }
622 
623  if ($this->isAdmin()) {
624  // admin mode always has to have token
625  if ($sRet) {
626  $sRet .= '&amp;';
627  }
628  $sRet .= 'stoken='.$this->getSessionChallengeToken();
629  }
630 
631  return $sRet;
632  }
633 
639  public function hiddenSid()
640  {
641  $sSid = $sToken = '';
642  if ($this->isSidNeeded()) {
643  $sSid = "<input type=\"hidden\" name=\"".$this->getForcedName()."\" value=\"". $this->getId() . "\" />";
644  }
645  if ($this->getId()) {
646  $sToken = "<input type=\"hidden\" name=\"stoken\" value=\"".$this->getSessionChallengeToken(). "\" />";
647  }
648  return $sToken.$sSid;
649  }
650 
656  public function getBasket()
657  {
658  if ( $this->_oBasket === null ) {
659  $sBasket = $this->getVariable( $this->_getBasketName() );
660 
661  //init oxbasketitem class first
662  //#1746
663  oxNew('oxbasketitem');
664 
665  // init oxbasket through oxNew and not oxAutoload, Mantis-Bug #0004262
666  $oEmptyBasket = oxNew('oxbasket');
667 
668  $oBasket = ( $sBasket && ( $oBasket = unserialize( $sBasket ) ) ) ? $oBasket : null;
669 
670  if ( !$oBasket || ( get_class($oBasket) !== get_class($oEmptyBasket) ) ) {
671  $oBasket = $oEmptyBasket;
672  }
673 
674  $this->_validateBasket($oBasket);
675  $this->setBasket( $oBasket );
676  }
677 
678  return $this->_oBasket;
679  }
680 
688  protected function _validateBasket(oxBasket $oBasket)
689  {
690  $aCurrContent = $oBasket->getContents();
691  if (empty($aCurrContent)) {
692  return;
693  }
694 
695  $iCurrLang = oxRegistry::getLang()->getBaseLanguage();
696  foreach ($aCurrContent as $oContent) {
697  if ($oContent->getLanguageId() != $iCurrLang) {
698  $oContent->setLanguageId($iCurrLang);
699  }
700  }
701  }
702 
710  public function setBasket( $oBasket )
711  {
712  // sets basket session object
713  $this->_oBasket = $oBasket;
714  }
715 
721  public function delBasket()
722  {
723  $this->setBasket( null );
724  $this->deleteVariable( $this->_getBasketName());
725  }
726 
732  public function isNewSession()
733  {
734  return self::$_blIsNewSession;
735  }
736 
743  public function setForceNewSession()
744  {
745  $this->_blForceNewSession = true;
746  }
747 
755  public function isSidNeeded( $sUrl = null )
756  {
757  if ($this->isAdmin()) {
758  return true;
759  }
760 
761  $oConfig = $this->getConfig();
762 
763  if ( !$this->_getSessionUseCookies() || ( $sUrl && $this->_getCookieSid() && !$oConfig->isCurrentProtocol($sUrl) ) ) {
764  // switching from ssl to non ssl or vice versa?
765  return true;
766  }
767 
768  if ( $sUrl && !$oConfig->isCurrentUrl( $sUrl ) ) {
769  return true;
770  } elseif ( $this->_blSidNeeded === null ) {
771  // setting initial state
772  $this->_blSidNeeded = false;
773 
774  // no SIDs for seach engines
775  if ( !oxRegistry::getUtils()->isSearchEngine() ) {
776  // cookie found - SID is not needed
777  if ( oxRegistry::get("oxUtilsServer")->getOxCookie( $this->getName() ) ) {
778  $this->_blSidNeeded = false;
779  } elseif ( $this->_forceSessionStart() ) {
780  $this->_blSidNeeded = true;
781  } else {
782  // no cookie, so must check session
783  if ( $blSidNeeded = $this->getVariable( 'blSidNeeded' ) ) {
784  $this->_blSidNeeded = true;
785  } elseif ( $this->_isSessionRequiredAction() ) {
786 
787  if (!count($_COOKIE)) {
788  $this->_blSidNeeded = true;
789 
790  // storing to session, performance..
791  $this->setVariable( 'blSidNeeded', $this->_blSidNeeded );
792  }
793  }
794  }
795  }
796  }
797 
798  return $this->_blSidNeeded;
799  }
800 
808  public function isActualSidInCookie()
809  {
810  $blReturn = (isset($_COOKIE[$this->getName()]) && ($_COOKIE[$this->getName()] == $this->getId()));
811  return $blReturn;
812  }
813 
825  public function processUrl( $sUrl )
826  {
827  $blSid = $this->isSidNeeded( $sUrl );
828 
829  if ($blSid) {
830  $sSid = $this->sid( $blSid );
831 
832  if ($sSid) {
833 
834  $oStr = getStr();
835  $aUrlParts = explode( '#', $sUrl );
836  if ( !$oStr->preg_match('/(\?|&(amp;)?)sid=/i', $aUrlParts[0]) && (false === $oStr->strpos($aUrlParts[0], $sSid))) {
837  if (!$oStr->preg_match('/(\?|&(amp;)?)$/', $sUrl)) {
838  $aUrlParts[0] .= ( $oStr->strstr( $aUrlParts[0], '?' ) !== false ? '&amp;' : '?' );
839  }
840  $aUrlParts[0] .= $sSid . '&amp;';
841  }
842  $sUrl = join( '#', $aUrlParts );
843  }
844  }
845  return $sUrl;
846  }
847 
857  public function getRemoteAccessToken($blGenerateNew = true)
858  {
859  $sToken = $this->getVar('_rtoken');
860  if (!$sToken && $blGenerateNew) {
861  $sToken = md5(rand() . $this->getId());
862  $sToken = substr($sToken, 0, 8);
863  $this->setVariable( '_rtoken', $sToken );
864  }
865 
866  return $sToken;
867  }
868 
875  protected function _forceSessionStart()
876  {
877  return ( !oxRegistry::getUtils()->isSearchEngine() ) && ( (( bool ) $this->getConfig()->getConfigParam( 'blForceSessionStart' )) || $this->getConfig()->getRequestParameter( "su" ) || $this->_blForceNewSession );
878  }
879 
885  protected function _allowSessionStart()
886  {
887  $blAllowSessionStart = true;
888  $myConfig = $this->getConfig();
889 
890  // special handling only in non-admin mode
891  if ( !$this->isAdmin() ) {
892  if ( oxRegistry::getUtils()->isSearchEngine() || $myConfig->getRequestParameter( 'skipSession' ) ) {
893  $blAllowSessionStart = false;
894  } elseif (oxRegistry::get("oxUtilsServer")->getOxCookie( 'oxid_'.$myConfig->getShopId().'_autologin' ) === '1') {
895  $blAllowSessionStart = true;
896  } elseif ( !$this->_forceSessionStart() && !oxRegistry::get("oxUtilsServer")->getOxCookie( 'sid_key' ) ) {
897 
898  // session is not needed to start when it is not necessary:
899  // - no sid in request and also user executes no session connected action
900  // - no cookie set and user executes no session connected action
901  if ( !oxRegistry::get("oxUtilsServer")->getOxCookie( $this->getName() ) &&
902  !( $myConfig->getRequestParameter( $this->getName() ) || $myConfig->getRequestParameter( $this->getForcedName() ) ) &&
903  !$this->_isSessionRequiredAction() ) {
904  $blAllowSessionStart = false;
905  }
906  }
907  }
908 
909  return $blAllowSessionStart;
910  }
911 
919  protected function _isSwappedClient()
920  {
921  $blSwapped = false;
922  $myUtilsServer = oxRegistry::get("oxUtilsServer");
923 
924  // check only for non search engines
925  if ( !oxRegistry::getUtils()->isSearchEngine() && !$myUtilsServer->isTrustedClientIp() && !$this->_isValidRemoteAccessToken()) {
926 
927  $myConfig = $this->getConfig();
928 
929  // checking if session user agent matches actual
930  $blSwapped = $this->_checkUserAgent( $myUtilsServer->getServerVar( 'HTTP_USER_AGENT' ), $this->getVariable( 'sessionagent' ) );
931  if ( !$blSwapped ) {
932  if ( $myConfig->getConfigParam( 'blAdodbSessionHandler' ) ) {
933  $blSwapped = $this->_checkSid();
934  }
935 
936  if ( !$blSwapped ) {
937  $blDisableCookieCheck = $myConfig->getConfigParam( 'blDisableCookieCheck' );
938  $blUseCookies = $this->_getSessionUseCookies();
939  if ( !$blDisableCookieCheck && $blUseCookies ) {
940  $blSwapped = $this->_checkCookies( $myUtilsServer->getOxCookie( 'sid_key' ), $this->getVariable( "sessioncookieisset" ) );
941  }
942  }
943  }
944  }
945 
946  return $blSwapped;
947  }
948 
957  protected function _checkUserAgent( $sAgent, $sExistingAgent )
958  {
959  $blCheck = false;
960 
961  // processing
962  $oUtils = oxRegistry::get("oxUtilsServer");
963  $sAgent = $oUtils->processUserAgentInfo( $sAgent );
964  $sExistingAgent = $oUtils->processUserAgentInfo( $sExistingAgent );
965 
966  if ( $sAgent && $sAgent !== $sExistingAgent ) {
967  if ( $sExistingAgent ) {
968  $this->_sErrorMsg = "Different browser ({$sExistingAgent}, {$sAgent}), creating new SID...<br>";
969  }
970  $blCheck = true;
971  }
972 
973  return $blCheck;
974  }
975 
981  protected function _checkSid()
982  {
983  $oDb = oxDb::getDb();
984  //matze changed sesskey to SessionID because structure of oxsession changed!!
985  $sSID = $oDb->getOne("select SessionID from oxsessions where SessionID = ".$oDb->quote( $this->getId() ));
986 
987  //2007-05-14
988  //we check _blNewSession as well as this may be actually new session not written to db yet
989  if ( !$this->_blNewSession && (!isset( $sSID) || !$sSID)) {
990  // this means, that this session has expired in the past and someone uses this sid to reactivate it
991  $this->_sErrorMsg = "Session has expired in the past and someone uses this sid to reactivate it, creating new SID...<br>";
992  return true;
993  }
994  return false;
995  }
996 
1006  protected function _checkCookies( $sCookieSid, $aSessCookieSetOnce )
1007  {
1008  $blSwapped = false;
1009  $myConfig = $this->getConfig();
1010  $sCurrUrl = $myConfig->isSsl() ? $myConfig->getSslShopUrl() : $myConfig->getShopUrl();
1011 
1012  $blSessCookieSetOnce = false;
1013  if ( is_array($aSessCookieSetOnce) && isset( $aSessCookieSetOnce[$sCurrUrl] ) ) {
1014  $blSessCookieSetOnce = $aSessCookieSetOnce[$sCurrUrl];
1015  }
1016 
1017  //if cookie was there once but now is gone it means we have to reset
1018  if ( $blSessCookieSetOnce && !$sCookieSid ) {
1019  if ( $myConfig->getConfigParam( 'iDebug' ) ) {
1020  $this->_sErrorMsg = "Cookie not found, creating new SID...<br>";
1021  $this->_sErrorMsg .= "Cookie: $sCookieSid<br>";
1022  $this->_sErrorMsg .= "Session: $blSessCookieSetOnce<br>";
1023  $this->_sErrorMsg .= "URL: ".$sCurrUrl."<br>";
1024  }
1025  $blSwapped = true;
1026  }
1027 
1028  //if we detect the cookie then set session var for possible later use
1029  if ( $sCookieSid == "oxid" && !$blSessCookieSetOnce ) {
1030  if (!is_array($aSessCookieSetOnce)) {
1031  $aSessCookieSetOnce = array();
1032  }
1033 
1034  $aSessCookieSetOnce[$sCurrUrl] = "ox_true";
1035  $this->setVariable( "sessioncookieisset", $aSessCookieSetOnce );
1036  }
1037 
1038  //if we have no cookie then try to set it
1039  if ( !$sCookieSid ) {
1040  oxRegistry::get("oxUtilsServer")->setOxCookie( 'sid_key', 'oxid' );
1041  }
1042  return $blSwapped;
1043  }
1044 
1052  protected function _setSessionId($sSessId)
1053  {
1054  //marking this session as new one, as it might be not writen to db yet
1055  if ( $sSessId && session_id() != $sSessId ) {
1056  $this->_blNewSession = true;
1057  }
1058 
1059  session_id( $sSessId );
1060 
1061  $this->setId( $sSessId );
1062 
1063  $blUseCookies = $this->_getSessionUseCookies();
1064 
1065  if ( !$this->_allowSessionStart() ) {
1066  if ( $blUseCookies ) {
1067  oxRegistry::get("oxUtilsServer")->setOxCookie( $this->getName(), null );
1068  }
1069  return;
1070  }
1071 
1072  if ( $blUseCookies ) {
1073  //setting session cookie
1074  oxRegistry::get("oxUtilsServer")->setOxCookie( $this->getName(), $sSessId );
1075  }
1076  }
1077 
1083  protected function _getBasketName()
1084  {
1085  $myConfig = $this->getConfig();
1086  if ( $myConfig->getConfigParam( 'blMallSharedBasket' ) == 0 ) {
1087  return $myConfig->getShopId()."_basket";
1088  }
1089  return "basket";
1090  }
1091 
1097  protected function _getCookieSid()
1098  {
1099  return oxRegistry::get("oxUtilsServer")->getOxCookie($this->getName());
1100  }
1101 
1108  protected function _getRequireSessionWithParams()
1109  {
1110  $aCfgArray = $this->getConfig()->getConfigParam('aRequireSessionWithParams');
1111  if (is_array($aCfgArray)) {
1112  $aDefault = $this->_aRequireSessionWithParams;
1113  foreach ($aCfgArray as $key => $val) {
1114  if (!is_array($val) && $val) {
1115  unset($aDefault[$key]);
1116  }
1117  }
1118  return array_merge_recursive($aCfgArray, $aDefault);
1119  }
1120  return $this->_aRequireSessionWithParams;
1121  }
1122 
1128  protected function _isSessionRequiredAction()
1129  {
1130  foreach ($this->_getRequireSessionWithParams() as $sParam => $aValues) {
1131  $sValue = $this->getConfig()->getRequestParameter( $sParam );
1132  if (isset($sValue)) {
1133  if (is_array($aValues)) {
1134  if (isset($aValues[$sValue]) && $aValues[$sValue]) {
1135  return true;
1136  }
1137  } elseif ($aValues) {
1138  return true;
1139  }
1140  }
1141  }
1142 
1143  return ( isset( $_SERVER['REQUEST_METHOD'] ) && $_SERVER['REQUEST_METHOD'] == 'POST');
1144  }
1145 
1151  protected function _getSessionUseCookies()
1152  {
1153  return $this->isAdmin() || $this->getConfig()->getConfigParam( 'blSessionUseCookies');
1154  }
1155 
1161  protected function _isValidRemoteAccessToken()
1162  {
1163  $sInputToken = $this->getConfig()->getRequestParameter( 'rtoken' );
1164  $sToken = $this->getRemoteAccessToken(false);
1165  $blTokenEqual = !(bool)strcmp($sInputToken, $sToken);
1166  $blValid = $sInputToken && $blTokenEqual;
1167 
1168  return $blValid;
1169  }
1170 
1176  public function getBasketReservations()
1177  {
1178  if (!$this->_oBasketReservations) {
1179  $this->_oBasketReservations = oxNew('oxBasketReservation');
1180  }
1181  return $this->_oBasketReservations;
1182  }
1183 
1189  public function isHeaderSent()
1190  {
1191  return headers_sent();
1192  }
1193 
1199  public function isSessionStarted()
1200  {
1201  return $this->_blStarted;
1202  }
1203 
1204 
1205 }