oxsession.php

00001 <?php
00002 
// Path of the ADOdb session handler script; _sessionStart() includes it when
// the 'blAdodbSessionHandler' config option is enabled.
define('_DB_SESSION_HANDLER', getShopBasePath() . 'core/adodblite/session/adodb-session.php');
00004 
00010 class oxSession extends oxSuperCfg
00011 {
00012 
    /**
     * Name of the session id cookie / request parameter.
     * start() sets it to "admin_sid" in admin mode and to "sid" otherwise.
     *
     * @var string
     */
    protected $_sName = 'sid';

    /**
     * Prefix put in front of the session name by getForcedName().
     *
     * @var string
     */
    protected $_sForcedPrefix = 'force_';

    /**
     * Session id held by this object (see getId() / setId()).
     *
     * @var string|null
     */
    protected $_sId = null;

    /**
     * Set by start(): true when no session id was supplied with the request.
     *
     * @var bool
     */
    protected static $_blIsNewSession = false;

    /**
     * Not referenced by the methods of this class shown here.
     * NOTE(review): presumably the active user object - confirm against callers.
     *
     * @var mixed
     */
    protected static $_oUser = null;

    /**
     * Set by _setSessionId() when the id changes; _checkSid() reads it because
     * such a session may not be written to the database yet.
     *
     * @var bool
     */
    protected $_blNewSession = false;

    /**
     * Set by setForceNewSession() and read by _forceSessionStart().
     *
     * @var bool
     */
    protected $_blForceNewSession = false;

    /**
     * Message describing why a session was replaced; start() shows it in debug mode.
     *
     * @var string|null
     */
    protected $_sErrorMsg = null;

    /**
     * Basket object cached by getBasket() / setBasket().
     *
     * @var object|null
     */
    protected $_oBasket = null;

    /**
     * Basket reservations object, created on first use by getBasketReservations().
     *
     * @var object|null
     */
    protected $_oBasketReservations = null;

    /**
     * Result of session_start() as stored by _sessionStart().
     *
     * @var bool
     */
    protected $_blStarted = false;

    /**
     * Request parameters that make a session necessary, used by
     * _isSessionRequiredAction(). A nested array lists the parameter values
     * that count; a plain true means any value of that parameter counts.
     *
     * @var array
     */
    protected $_aRequireSessionWithParams = array(
        'cl'          => array(
            'register' => true,
            'account'  => true,
        ),
        'fnc'         => array(
            'tobasket'         => true,
            'login_noredirect' => true,
            'tocomparelist'    => true,
        ),
        '_artperpage' => true,
        'ldtype'      => true,
        'listorderby' => true,
    );

    /**
     * Cached result of isSidNeeded(); null until it has been determined.
     *
     * @var bool|null
     */
    protected $_blSidNeeded = null;

    /**
     * Session variables that initNewSession() copies into the new session.
     *
     * @var array
     */
    protected $_aPersistentParams = array("actshop", "lang", "currency", "language", "tpllanguage");
00127 
00133     public function getId()
00134     {
00135         return $this->_sId;
00136     }
00137 
00143     public function setId($sVal)
00144     {
00145         $this->_sId = $sVal;
00146     }
00147 
00153     public function setName($sVal)
00154     {
00155         $this->_sName = $sVal;
00156     }
00157 
00163     public function getForcedName()
00164     {
00165         return $this->_sForcedPrefix . $this->getName();
00166     }
00167 
00173     public function getName()
00174     {
00175         return $this->_sName;
00176     }
00177 
00181     public function start()
00182     {
00183         $myConfig = $this->getConfig();
00184         $sid = null;
00185 
00186         if ($this->isAdmin()) {
00187             $this->setName("admin_sid");
00188         } else {
00189             $this->setName("sid");
00190         }
00191 
00192         $sForceSidParam = $myConfig->getRequestParameter($this->getForcedName());
00193         $sSidParam = $myConfig->getRequestParameter($this->getName());
00194 
00195         //forcing sid for SSL<->nonSSL transitions
00196         if ($sForceSidParam) {
00197             $sid = $sForceSidParam;
00198         } elseif ($this->_getSessionUseCookies() && $this->_getCookieSid()) {
00199             $sid = $this->_getCookieSid();
00200         } elseif ($sSidParam) {
00201             $sid = $sSidParam;
00202         }
00203 
00204         //starting session if only we can
00205         if ($this->_allowSessionStart()) {
00206 
00207             //creating new sid
00208             if (!$sid) {
00209                 self::$_blIsNewSession = true;
00210                 $this->initNewSession();
00211             } else {
00212                 self::$_blIsNewSession = false;
00213                 $this->_setSessionId($sid);
00214                 $this->_sessionStart();
00215             }
00216 
00217             //special handling for new ZP cluster session, as in that case session_start() regenerates id
00218             if ($this->_sId != session_id()) {
00219                 $this->_setSessionId(session_id());
00220             }
00221 
00222             //checking for swapped client
00223             $blSwapped = $this->_isSwappedClient();
00224             if (!self::$_blIsNewSession && $blSwapped) {
00225                 $this->initNewSession();
00226 
00227                 // passing notification about session problems
00228                 if ($this->_sErrorMsg && $myConfig->getConfigParam('iDebug')) {
00229                     oxRegistry::get("oxUtilsView")->addErrorToDisplay(oxNew("oxException", $this->_sErrorMsg));
00230                 }
00231             } elseif (!$blSwapped) {
00232                 // transferring cookies between hosts
00233                 oxRegistry::get("oxUtilsServer")->loadSessionCookies();
00234             }
00235         }
00236     }
00237 
00243     public function getRequestChallengeToken()
00244     {
00245         return preg_replace('/[^a-z0-9]/i', '', $this->getConfig()->getRequestParameter('stoken'));
00246     }
00247 
00253     public function getSessionChallengeToken()
00254     {
00255         $sRet = preg_replace('/[^a-z0-9]/i', '', $this->getVariable('sess_stoken'));
00256         if (!$sRet) {
00257             $this->_initNewSessionChallenge();
00258             $sRet = $this->getVariable('sess_stoken');
00259         }
00260 
00261         return $sRet;
00262     }
00263 
00270     public function checkSessionChallenge()
00271     {
00272         $sToken = $this->getSessionChallengeToken();
00273 
00274         return $sToken && ($sToken == $this->getRequestChallengeToken());
00275     }
00276 
00280     protected function _initNewSessionChallenge()
00281     {
00282         $this->setVariable('sess_stoken', sprintf('%X', crc32(oxUtilsObject::getInstance()->generateUID())));
00283     }
00284 
00290     protected function _sessionStart()
00291     {
00292         $blSetNoCache = true;
00293         if ($blSetNoCache) {
00294             //enforcing no caching when session is started
00295             session_cache_limiter('nocache');
00296 
00297             //cache limiter workaround for AOL browsers
00298             //as suggested at http://ilia.ws/archives/59-AOL-Browser-Woes.html
00299             if (isset($_SERVER['HTTP_USER_AGENT']) &&
00300                 strpos($_SERVER['HTTP_USER_AGENT'], 'AOL') !== false
00301             ) {
00302 
00303                 session_cache_limiter(false);
00304                 header("Cache-Control: no-store, private, must-revalidate, proxy-revalidate, post-check=0, pre-check=0, max-age=0, s-maxage=0");
00305             }
00306         }
00307 
00308         // Including database session managing class if needed.
00309         if (oxRegistry::getConfig()->getConfigParam('blAdodbSessionHandler')) {
00310             $oDB = oxDb::getDb();
00311             include_once _DB_SESSION_HANDLER;
00312         }
00313 
00314         $this->_blStarted = @session_start();
00315         if (!$this->getSessionChallengeToken()) {
00316             $this->_initNewSessionChallenge();
00317         }
00318 
00319         return $this->_blStarted;
00320     }
00321 
00325     public function initNewSession()
00326     {
00327         // starting session only if it was not started yet
00328         if (self::$_blIsNewSession) {
00329             $this->_sessionStart();
00330         }
00331 
00332         //saving persistent params if old session exists
00333         $aPersistent = array();
00334         foreach ($this->_aPersistentParams as $sParam) {
00335             if (($sValue = $this->getVariable($sParam))) {
00336                 $aPersistent[$sParam] = $sValue;
00337             }
00338         }
00339 
00340         $this->_setSessionId($this->_getNewSessionId());
00341 
00342         //restoring persistent params to session
00343         foreach ($aPersistent as $sKey => $sParam) {
00344             $this->setVariable($sKey, $aPersistent[$sKey]);
00345         }
00346 
00347         $this->_initNewSessionChallenge();
00348 
00349         // (re)setting actual user agent when initiating new session
00350         $this->setVariable("sessionagent", oxRegistry::get("oxUtilsServer")->getServerVar('HTTP_USER_AGENT'));
00351     }
00352 
00356     public function regenerateSessionId()
00357     {
00358         // starting session only if it was not started yet
00359         if (self::$_blIsNewSession) {
00360             $this->_sessionStart();
00361 
00362             // (re)setting actual user agent when initiating new session
00363             $this->setVariable("sessionagent", oxRegistry::get("oxUtilsServer")->getServerVar('HTTP_USER_AGENT'));
00364         }
00365 
00366         $this->_setSessionId($this->_getNewSessionId(false));
00367         $this->_initNewSessionChallenge();
00368     }
00369 
00378     protected function _getNewSessionId($blUnset = true)
00379     {
00380         $sOldId = session_id();
00381         @session_regenerate_id(!oxRegistry::getConfig()->getConfigParam('blAdodbSessionHandler'));
00382         $sNewId = session_id();
00383 
00384         if ($blUnset) {
00385             session_unset();
00386         }
00387 
00388         if (oxRegistry::getConfig()->getConfigParam('blAdodbSessionHandler')) {
00389             $oDB = oxDb::getDb();
00390             $oDB->execute("UPDATE oxsessions SET SessionID = " . $oDB->quote($sNewId) . " WHERE SessionID = " . $oDB->quote($sOldId));
00391         }
00392 
00393         return session_id();
00394     }
00395 
00399     public function freeze()
00400     {
00401         // storing basket ..
00402         $this->setVariable($this->_getBasketName(), serialize($this->getBasket()));
00403 
00404         session_write_close();
00405     }
00406 
00410     public function destroy()
00411     {
00412         //session_unset();
00413         unset($_SESSION);
00414         session_destroy();
00415     }
00416 
00424     public function hasVariable($name)
00425     {
00426         if (defined('OXID_PHP_UNIT')) {
00427             if (isset(modSession::$unitMOD) && is_object(modSession::$unitMOD)) {
00428                 try {
00429                     $sVal = modSession::getInstance()->getVar($name);
00430 
00431                     return isset($sVal);
00432                 } catch (Exception $e) {
00433                     // if exception is thrown, use default
00434                 }
00435             }
00436         }
00437 
00438         return isset($_SESSION[$name]);
00439     }
00440 
00449     public function setVariable($name, $value)
00450     {
00451         if (defined('OXID_PHP_UNIT')) {
00452             if (isset(modSession::$unitMOD) && is_object(modSession::$unitMOD)) {
00453                 try {
00454                     return modSession::getInstance()->setVar($name, $value);
00455                 } catch (Exception $e) {
00456                     // if exception is thrown, use default
00457                 }
00458             }
00459         }
00460 
00461         $_SESSION[$name] = $value;
00462         //logger( "set sessionvar : $name -> $value");
00463     }
00464 
00472     public function getVariable($name)
00473     {
00474         if (defined('OXID_PHP_UNIT')) {
00475             if (isset(modSession::$unitMOD) && is_object(modSession::$unitMOD)) {
00476                 try {
00477                     return modSession::getInstance()->getVar($name);
00478                 } catch (Exception $e) {
00479                     // if exception is thrown, use default
00480                 }
00481             }
00482         }
00483 
00484         if (isset($_SESSION[$name])) {
00485             return $_SESSION[$name];
00486         } else {
00487             return null;
00488         }
00489     }
00490 
00498     public function deleteVariable($name)
00499     {
00500         if (defined('OXID_PHP_UNIT')) {
00501             if (isset(modSession::$unitMOD) && is_object(modSession::$unitMOD)) {
00502                 try {
00503                     return modSession::getInstance()->setVar($name, null);
00504                 } catch (Exception $e) {
00505                     // if exception is thrown, use default
00506                 }
00507             }
00508         }
00509 
00510         $_SESSION[$name] = null;
00511         //logger( "delete sessionvar : $name");
00512         unset($_SESSION[$name]);
00513     }
00514 
00524     public function sid($blForceSid = false)
00525     {
00526         $myConfig = $this->getConfig();
00527         $blUseCookies = $this->_getSessionUseCookies();
00528         $sRet = '';
00529 
00530         $blDisableSid = oxRegistry::getUtils()->isSearchEngine()
00531                         && is_array($myConfig->getConfigParam('aCacheViews'))
00532                         && !$this->isAdmin();
00533 
00534         //no cookie?
00535         if (!$blDisableSid && $this->getId() && ($blForceSid || !$blUseCookies || !$this->_getCookieSid())) {
00536             $sRet = ($blForceSid ? $this->getForcedName() : $this->getName()) . "=" . $this->getId();
00537         }
00538 
00539         if ($this->isAdmin()) {
00540             // admin mode always has to have token
00541             if ($sRet) {
00542                 $sRet .= '&amp;';
00543             }
00544             $sRet .= 'stoken=' . $this->getSessionChallengeToken();
00545         }
00546 
00547         return $sRet;
00548     }
00549 
00555     public function hiddenSid()
00556     {
00557         $sSid = $sToken = '';
00558         if ($this->isSidNeeded()) {
00559             $sSid = "<input type=\"hidden\" name=\"" . $this->getForcedName() . "\" value=\"" . $this->getId() . "\" />";
00560         }
00561         if ($this->getId()) {
00562             $sToken = "<input type=\"hidden\" name=\"stoken\" value=\"" . $this->getSessionChallengeToken() . "\" />";
00563         }
00564 
00565         return $sToken . $sSid;
00566     }
00567 
00573     public function getBasket()
00574     {
00575         if ($this->_oBasket === null) {
00576             $sBasket = $this->getVariable($this->_getBasketName());
00577 
00578             //init oxbasketitem class first
00579             //#1746
00580             oxNew('oxbasketitem');
00581 
00582             // init oxbasket through oxNew and not oxAutoload, Mantis-Bug #0004262
00583             $oEmptyBasket = oxNew('oxbasket');
00584 
00585             $oBasket = ($sBasket && ($oBasket = unserialize($sBasket))) ? $oBasket : null;
00586 
00587             if (!$oBasket || (get_class($oBasket) !== get_class($oEmptyBasket))) {
00588                 $oBasket = $oEmptyBasket;
00589             }
00590 
00591             $this->_validateBasket($oBasket);
00592             $this->setBasket($oBasket);
00593         }
00594 
00595         return $this->_oBasket;
00596     }
00597 
00605     protected function _validateBasket(oxBasket $oBasket)
00606     {
00607         $aCurrContent = $oBasket->getContents();
00608         if (empty($aCurrContent)) {
00609             return;
00610         }
00611 
00612         $iCurrLang = oxRegistry::getLang()->getBaseLanguage();
00613         foreach ($aCurrContent as $oContent) {
00614             if ($oContent->getLanguageId() != $iCurrLang) {
00615                 $oContent->setLanguageId($iCurrLang);
00616             }
00617         }
00618     }
00619 
00625     public function setBasket($oBasket)
00626     {
00627         // sets basket session object
00628         $this->_oBasket = $oBasket;
00629     }
00630 
00634     public function delBasket()
00635     {
00636         $this->setBasket(null);
00637         $this->deleteVariable($this->_getBasketName());
00638     }
00639 
00645     public function isNewSession()
00646     {
00647         return self::$_blIsNewSession;
00648     }
00649 
00654     public function setForceNewSession()
00655     {
00656         $this->_blForceNewSession = true;
00657     }
00658 
00666     public function isSidNeeded($sUrl = null)
00667     {
00668         if ($this->isAdmin()) {
00669             return true;
00670         }
00671 
00672         $oConfig = $this->getConfig();
00673 
00674         if (!$this->_getSessionUseCookies() || ($sUrl && $this->_getCookieSid() && !$oConfig->isCurrentProtocol($sUrl))) {
00675             // switching from ssl to non ssl or vice versa?
00676             return true;
00677         }
00678 
00679         if ($sUrl && !$oConfig->isCurrentUrl($sUrl)) {
00680             return true;
00681         } elseif ($this->_blSidNeeded === null) {
00682             // setting initial state
00683             $this->_blSidNeeded = false;
00684 
00685             // no SIDs for search engines
00686             if (!oxRegistry::getUtils()->isSearchEngine()) {
00687                 // cookie found - SID is not needed
00688                 if (oxRegistry::get("oxUtilsServer")->getOxCookie($this->getName())) {
00689                     $this->_blSidNeeded = false;
00690                 } elseif ($this->_forceSessionStart()) {
00691                     $this->_blSidNeeded = true;
00692                 } else {
00693                     // no cookie, so must check session
00694                     if ($blSidNeeded = $this->getVariable('blSidNeeded')) {
00695                         $this->_blSidNeeded = true;
00696                     } elseif ($this->_isSessionRequiredAction()) {
00697 
00698                         if (!count($_COOKIE)) {
00699                             $this->_blSidNeeded = true;
00700 
00701                             // storing to session, performance..
00702                             $this->setVariable('blSidNeeded', $this->_blSidNeeded);
00703                         }
00704                     }
00705                 }
00706             }
00707         }
00708 
00709         return $this->_blSidNeeded;
00710     }
00711 
00719     public function isActualSidInCookie()
00720     {
00721         $blReturn = (isset($_COOKIE[$this->getName()]) && ($_COOKIE[$this->getName()] == $this->getId()));
00722 
00723         return $blReturn;
00724     }
00725 
00737     public function processUrl($sUrl)
00738     {
00739         $blSid = $this->isSidNeeded($sUrl);
00740 
00741         if ($blSid) {
00742             $sSid = $this->sid($blSid);
00743 
00744             if ($sSid) {
00745 
00746                 $oStr = getStr();
00747                 $aUrlParts = explode('#', $sUrl);
00748                 if (!$oStr->preg_match('/(\?|&(amp;)?)sid=/i', $aUrlParts[0]) && (false === $oStr->strpos($aUrlParts[0], $sSid))) {
00749                     if (!$oStr->preg_match('/(\?|&(amp;)?)$/', $sUrl)) {
00750                         $aUrlParts[0] .= ($oStr->strstr($aUrlParts[0], '?') !== false ? '&amp;' : '?');
00751                     }
00752                     $aUrlParts[0] .= $sSid . '&amp;';
00753                 }
00754                 $sUrl = join('#', $aUrlParts);
00755             }
00756         }
00757 
00758         return $sUrl;
00759     }
00760 
00770     public function getRemoteAccessToken($blGenerateNew = true)
00771     {
00772         $sToken = $this->getVariable('_rtoken');
00773         if (!$sToken && $blGenerateNew) {
00774             $sToken = md5(rand() . $this->getId());
00775             $sToken = substr($sToken, 0, 8);
00776             $this->setVariable('_rtoken', $sToken);
00777         }
00778 
00779         return $sToken;
00780     }
00781 
00788     protected function _forceSessionStart()
00789     {
00790         return (!oxRegistry::getUtils()->isSearchEngine()) && ((( bool ) $this->getConfig()->getConfigParam('blForceSessionStart')) || $this->getConfig()->getRequestParameter("su") || $this->_blForceNewSession);
00791     }
00792 
00798     protected function _allowSessionStart()
00799     {
00800         $blAllowSessionStart = true;
00801         $myConfig = $this->getConfig();
00802 
00803         // special handling only in non-admin mode
00804         if (!$this->isAdmin()) {
00805             if (oxRegistry::getUtils()->isSearchEngine() || $myConfig->getRequestParameter('skipSession')) {
00806                 $blAllowSessionStart = false;
00807             } elseif (oxRegistry::get("oxUtilsServer")->getOxCookie('oxid_' . $myConfig->getShopId() . '_autologin') === '1') {
00808                 $blAllowSessionStart = true;
00809             } elseif (!$this->_forceSessionStart() && !oxRegistry::get("oxUtilsServer")->getOxCookie('sid_key')) {
00810 
00811                 // session is not needed to start when it is not necessary:
00812                 // - no sid in request and also user executes no session connected action
00813                 // - no cookie set and user executes no session connected action
00814                 if (!oxRegistry::get("oxUtilsServer")->getOxCookie($this->getName()) &&
00815                     !($myConfig->getRequestParameter($this->getName()) || $myConfig->getRequestParameter($this->getForcedName())) &&
00816                     !$this->_isSessionRequiredAction()
00817                 ) {
00818                     $blAllowSessionStart = false;
00819                 }
00820             }
00821         }
00822 
00823         return $blAllowSessionStart;
00824     }
00825 
00833     protected function _isSwappedClient()
00834     {
00835         $blSwapped = false;
00836         $myUtilsServer = oxRegistry::get("oxUtilsServer");
00837 
00838         // check only for non search engines
00839         if (!oxRegistry::getUtils()->isSearchEngine() && !$myUtilsServer->isTrustedClientIp() && !$this->_isValidRemoteAccessToken()) {
00840 
00841             $myConfig = $this->getConfig();
00842 
00843             // checking if session user agent matches actual
00844             $blSwapped = $this->_checkUserAgent($myUtilsServer->getServerVar('HTTP_USER_AGENT'), $this->getVariable('sessionagent'));
00845             if (!$blSwapped) {
00846                 if ($myConfig->getConfigParam('blAdodbSessionHandler')) {
00847                     $blSwapped = $this->_checkSid();
00848                 }
00849 
00850                 if (!$blSwapped) {
00851                     $blDisableCookieCheck = $myConfig->getConfigParam('blDisableCookieCheck');
00852                     $blUseCookies = $this->_getSessionUseCookies();
00853                     if (!$blDisableCookieCheck && $blUseCookies) {
00854                         $blSwapped = $this->_checkCookies($myUtilsServer->getOxCookie('sid_key'), $this->getVariable("sessioncookieisset"));
00855                     }
00856                 }
00857             }
00858         }
00859 
00860         return $blSwapped;
00861     }
00862 
00871     protected function _checkUserAgent($sAgent, $sExistingAgent)
00872     {
00873         $blCheck = false;
00874 
00875         // processing
00876         $oUtils = oxRegistry::get("oxUtilsServer");
00877         $sAgent = $oUtils->processUserAgentInfo($sAgent);
00878         $sExistingAgent = $oUtils->processUserAgentInfo($sExistingAgent);
00879 
00880         if ($sAgent && $sAgent !== $sExistingAgent) {
00881             if ($sExistingAgent) {
00882                 $this->_sErrorMsg = "Different browser ({$sExistingAgent}, {$sAgent}), creating new SID...<br>";
00883             }
00884             $blCheck = true;
00885         }
00886 
00887         return $blCheck;
00888     }
00889 
00895     protected function _checkSid()
00896     {
00897         $oDb = oxDb::getDb();
00898         //matze changed sesskey to SessionID because structure of oxsession changed!!
00899         $sSID = $oDb->getOne("select SessionID from oxsessions where SessionID = " . $oDb->quote($this->getId()));
00900 
00901         //2007-05-14
00902         //we check _blNewSession as well as this may be actually new session not written to db yet
00903         if (!$this->_blNewSession && (!isset($sSID) || !$sSID)) {
00904             // this means, that this session has expired in the past and someone uses this sid to reactivate it
00905             $this->_sErrorMsg = "Session has expired in the past and someone uses this sid to reactivate it, creating new SID...<br>";
00906 
00907             return true;
00908         }
00909 
00910         return false;
00911     }
00912 
00922     protected function _checkCookies($sCookieSid, $aSessCookieSetOnce)
00923     {
00924         $blSwapped = false;
00925         $myConfig = $this->getConfig();
00926         $sCurrUrl = $myConfig->isSsl() ? $myConfig->getSslShopUrl() : $myConfig->getShopUrl();
00927 
00928         $blSessCookieSetOnce = false;
00929         if (is_array($aSessCookieSetOnce) && isset($aSessCookieSetOnce[$sCurrUrl])) {
00930             $blSessCookieSetOnce = $aSessCookieSetOnce[$sCurrUrl];
00931         }
00932 
00933         //if cookie was there once but now is gone it means we have to reset
00934         if ($blSessCookieSetOnce && !$sCookieSid) {
00935             if ($myConfig->getConfigParam('iDebug')) {
00936                 $this->_sErrorMsg = "Cookie not found, creating new SID...<br>";
00937                 $this->_sErrorMsg .= "Cookie: $sCookieSid<br>";
00938                 $this->_sErrorMsg .= "Session: $blSessCookieSetOnce<br>";
00939                 $this->_sErrorMsg .= "URL: " . $sCurrUrl . "<br>";
00940             }
00941             $blSwapped = true;
00942         }
00943 
00944         //if we detect the cookie then set session var for possible later use
00945         if ($sCookieSid == "oxid" && !$blSessCookieSetOnce) {
00946             if (!is_array($aSessCookieSetOnce)) {
00947                 $aSessCookieSetOnce = array();
00948             }
00949 
00950             $aSessCookieSetOnce[$sCurrUrl] = "ox_true";
00951             $this->setVariable("sessioncookieisset", $aSessCookieSetOnce);
00952         }
00953 
00954         //if we have no cookie then try to set it
00955         if (!$sCookieSid) {
00956             oxRegistry::get("oxUtilsServer")->setOxCookie('sid_key', 'oxid');
00957         }
00958 
00959         return $blSwapped;
00960     }
00961 
00969     protected function _setSessionId($sSessId)
00970     {
00971         //marking this session as new one, as it might be not writen to db yet
00972         if ($sSessId && session_id() != $sSessId) {
00973             $this->_blNewSession = true;
00974         }
00975 
00976         session_id($sSessId);
00977 
00978         $this->setId($sSessId);
00979 
00980         $blUseCookies = $this->_getSessionUseCookies();
00981 
00982         if (!$this->_allowSessionStart()) {
00983             if ($blUseCookies) {
00984                 oxRegistry::get("oxUtilsServer")->setOxCookie($this->getName(), null);
00985             }
00986 
00987             return;
00988         }
00989 
00990         if ($blUseCookies) {
00991             //setting session cookie
00992             oxRegistry::get("oxUtilsServer")->setOxCookie($this->getName(), $sSessId);
00993         }
00994     }
00995 
01001     protected function _getBasketName()
01002     {
01003         $myConfig = $this->getConfig();
01004         if ($myConfig->getConfigParam('blMallSharedBasket') == 0) {
01005             return $myConfig->getShopId() . "_basket";
01006         }
01007 
01008         return "basket";
01009     }
01010 
01016     protected function _getCookieSid()
01017     {
01018         return oxRegistry::get("oxUtilsServer")->getOxCookie($this->getName());
01019     }
01020 
01027     protected function _getRequireSessionWithParams()
01028     {
01029         $aCfgArray = $this->getConfig()->getConfigParam('aRequireSessionWithParams');
01030         if (is_array($aCfgArray)) {
01031             $aDefault = $this->_aRequireSessionWithParams;
01032             foreach ($aCfgArray as $key => $val) {
01033                 if (!is_array($val) && $val) {
01034                     unset($aDefault[$key]);
01035                 }
01036             }
01037 
01038             return array_merge_recursive($aCfgArray, $aDefault);
01039         }
01040 
01041         return $this->_aRequireSessionWithParams;
01042     }
01043 
01049     protected function _isSessionRequiredAction()
01050     {
01051         foreach ($this->_getRequireSessionWithParams() as $sParam => $aValues) {
01052             $sValue = $this->getConfig()->getRequestParameter($sParam);
01053             if (isset($sValue)) {
01054                 if (is_array($aValues)) {
01055                     if (isset($aValues[$sValue]) && $aValues[$sValue]) {
01056                         return true;
01057                     }
01058                 } elseif ($aValues) {
01059                     return true;
01060                 }
01061             }
01062         }
01063 
01064         return (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST');
01065     }
01066 
01072     protected function _getSessionUseCookies()
01073     {
01074         return $this->isAdmin() || $this->getConfig()->getConfigParam('blSessionUseCookies');
01075     }
01076 
01082     protected function _isValidRemoteAccessToken()
01083     {
01084         $sInputToken = $this->getConfig()->getRequestParameter('rtoken');
01085         $sToken = $this->getRemoteAccessToken(false);
01086         $blTokenEqual = !(bool) strcmp($sInputToken, $sToken);
01087         $blValid = $sInputToken && $blTokenEqual;
01088 
01089         return $blValid;
01090     }
01091 
01097     public function getBasketReservations()
01098     {
01099         if (!$this->_oBasketReservations) {
01100             $this->_oBasketReservations = oxNew('oxBasketReservation');
01101         }
01102 
01103         return $this->_oBasketReservations;
01104     }
01105 
01111     public function isHeaderSent()
01112     {
01113         return headers_sent();
01114     }
01115 
01121     public function isSessionStarted()
01122     {
01123         return $this->_blStarted;
01124     }
01125 
01126 }