OXID eShop CE  4.9.5
 All Classes Files Functions Variables Pages
oxsession.php
Go to the documentation of this file.
1 <?php
2 
3 DEFINE('_DB_SESSION_HANDLER', getShopBasePath() . 'core/adodblite/session/adodb-session.php');
4 
10 class oxSession extends oxSuperCfg
11 {
12 
18  protected $_sName = 'sid';
19 
25  protected $_sForcedPrefix = 'force_';
26 
32  protected $_sId = null;
33 
39  protected static $_blIsNewSession = false;
40 
46  protected static $_oUser = null;
47 
54  protected $_blNewSession = false;
55 
61  protected $_blForceNewSession = false;
62 
68  protected $_sErrorMsg = null;
69 
75  protected $_oBasket = null;
76 
82  protected $_oBasketReservations = null;
83 
89  protected $_blStarted = false;
90 
99  protected $_aRequireSessionWithParams = array(
100  'cl' => array(
101  'register' => true,
102  'account' => true,
103  ),
104  'fnc' => array(
105  'tobasket' => true,
106  'login_noredirect' => true,
107  'tocomparelist' => true,
108  ),
109  '_artperpage' => true,
110  'ldtype' => true,
111  'listorderby' => true,
112  );
113 
119  protected $_blSidNeeded = null;
120 
126  protected $_aPersistentParams = array("actshop", "lang", "currency", "language", "tpllanguage");
127 
133  public function getId()
134  {
135  return $this->_sId;
136  }
137 
143  public function setId($sVal)
144  {
145  $this->_sId = $sVal;
146  }
147 
153  public function setName($sVal)
154  {
155  $this->_sName = $sVal;
156  }
157 
163  public function getForcedName()
164  {
165  return $this->_sForcedPrefix . $this->getName();
166  }
167 
173  public function getName()
174  {
175  return $this->_sName;
176  }
177 
181  public function start()
182  {
183  $myConfig = $this->getConfig();
184  $sid = null;
185 
186  if ($this->isAdmin()) {
187  $this->setName("admin_sid");
188  } else {
189  $this->setName("sid");
190  }
191 
192  $sForceSidParam = $myConfig->getRequestParameter($this->getForcedName());
193  $sSidParam = $myConfig->getRequestParameter($this->getName());
194 
195  //forcing sid for SSL<->nonSSL transitions
196  if ($sForceSidParam) {
197  $sid = $sForceSidParam;
198  } elseif ($this->_getSessionUseCookies() && $this->_getCookieSid()) {
199  $sid = $this->_getCookieSid();
200  } elseif ($sSidParam) {
201  $sid = $sSidParam;
202  }
203 
204  //starting session if only we can
205  if ($this->_allowSessionStart()) {
206 
207  //creating new sid
208  if (!$sid) {
209  self::$_blIsNewSession = true;
210  $this->initNewSession();
211  } else {
212  self::$_blIsNewSession = false;
213  $this->_setSessionId($sid);
214  $this->_sessionStart();
215  }
216 
217  //special handling for new ZP cluster session, as in that case session_start() regenerates id
218  if ($this->_sId != session_id()) {
219  $this->_setSessionId(session_id());
220  }
221 
222  //checking for swapped client
223  $blSwapped = $this->_isSwappedClient();
224  if (!self::$_blIsNewSession && $blSwapped) {
225  $this->initNewSession();
226 
227  // passing notification about session problems
228  if ($this->_sErrorMsg && $myConfig->getConfigParam('iDebug')) {
229  oxRegistry::get("oxUtilsView")->addErrorToDisplay(oxNew("oxException", $this->_sErrorMsg));
230  }
231  } elseif (!$blSwapped) {
232  // transferring cookies between hosts
233  oxRegistry::get("oxUtilsServer")->loadSessionCookies();
234  }
235  }
236  }
237 
243  public function getRequestChallengeToken()
244  {
245  return preg_replace('/[^a-z0-9]/i', '', $this->getConfig()->getRequestParameter('stoken'));
246  }
247 
253  public function getSessionChallengeToken()
254  {
255  $sRet = preg_replace('/[^a-z0-9]/i', '', $this->getVariable('sess_stoken'));
256  if (!$sRet) {
257  $this->_initNewSessionChallenge();
258  $sRet = $this->getVariable('sess_stoken');
259  }
260 
261  return $sRet;
262  }
263 
270  public function checkSessionChallenge()
271  {
272  $sToken = $this->getSessionChallengeToken();
273 
274  return $sToken && ($sToken == $this->getRequestChallengeToken());
275  }
276 
280  protected function _initNewSessionChallenge()
281  {
282  $this->setVariable('sess_stoken', sprintf('%X', crc32(oxUtilsObject::getInstance()->generateUID())));
283  }
284 
290  protected function _sessionStart()
291  {
292  $blSetNoCache = true;
293  if ($blSetNoCache) {
294  //enforcing no caching when session is started
295  session_cache_limiter('nocache');
296 
297  //cache limiter workaround for AOL browsers
298  //as suggested at http://ilia.ws/archives/59-AOL-Browser-Woes.html
299  if (isset($_SERVER['HTTP_USER_AGENT']) &&
300  strpos($_SERVER['HTTP_USER_AGENT'], 'AOL') !== false
301  ) {
302 
303  session_cache_limiter(false);
304  header("Cache-Control: no-store, private, must-revalidate, proxy-revalidate, post-check=0, pre-check=0, max-age=0, s-maxage=0");
305  }
306  }
307 
308  // Including database session managing class if needed.
309  if (oxRegistry::getConfig()->getConfigParam('blAdodbSessionHandler')) {
310  $oDB = oxDb::getDb();
311  include_once _DB_SESSION_HANDLER;
312  }
313 
314  $this->_blStarted = @session_start();
315  if (!$this->getSessionChallengeToken()) {
316  $this->_initNewSessionChallenge();
317  }
318 
319  return $this->_blStarted;
320  }
321 
325  public function initNewSession()
326  {
327  // starting session only if it was not started yet
328  if (self::$_blIsNewSession) {
329  $this->_sessionStart();
330  }
331 
332  //saving persistent params if old session exists
333  $aPersistent = array();
334  foreach ($this->_aPersistentParams as $sParam) {
335  if (($sValue = $this->getVariable($sParam))) {
336  $aPersistent[$sParam] = $sValue;
337  }
338  }
339 
340  $this->_setSessionId($this->_getNewSessionId());
341 
342  //restoring persistent params to session
343  foreach ($aPersistent as $sKey => $sParam) {
344  $this->setVariable($sKey, $aPersistent[$sKey]);
345  }
346 
347  $this->_initNewSessionChallenge();
348 
349  // (re)setting actual user agent when initiating new session
350  $this->setVariable("sessionagent", oxRegistry::get("oxUtilsServer")->getServerVar('HTTP_USER_AGENT'));
351  }
352 
356  public function regenerateSessionId()
357  {
358  // starting session only if it was not started yet
359  if (self::$_blIsNewSession) {
360  $this->_sessionStart();
361 
362  // (re)setting actual user agent when initiating new session
363  $this->setVariable("sessionagent", oxRegistry::get("oxUtilsServer")->getServerVar('HTTP_USER_AGENT'));
364  }
365 
366  $this->_setSessionId($this->_getNewSessionId(false));
367  $this->_initNewSessionChallenge();
368  }
369 
378  protected function _getNewSessionId($blUnset = true)
379  {
380  $sOldId = session_id();
381  @session_regenerate_id(!oxRegistry::getConfig()->getConfigParam('blAdodbSessionHandler'));
382  $sNewId = session_id();
383 
384  if ($blUnset) {
385  session_unset();
386  }
387 
388  if (oxRegistry::getConfig()->getConfigParam('blAdodbSessionHandler')) {
389  $oDB = oxDb::getDb();
390  $oDB->execute("UPDATE oxsessions SET SessionID = " . $oDB->quote($sNewId) . " WHERE SessionID = " . $oDB->quote($sOldId));
391  }
392 
393  return session_id();
394  }
395 
399  public function freeze()
400  {
401  // storing basket ..
402  $this->setVariable($this->_getBasketName(), serialize($this->getBasket()));
403 
404  session_write_close();
405  }
406 
410  public function destroy()
411  {
412  //session_unset();
413  unset($_SESSION);
414  session_destroy();
415  }
416 
424  public function hasVariable($name)
425  {
426  if (defined('OXID_PHP_UNIT')) {
427  if (isset(modSession::$unitMOD) && is_object(modSession::$unitMOD)) {
428  try {
429  $sVal = modSession::getInstance()->getVar($name);
430 
431  return isset($sVal);
432  } catch (Exception $e) {
433  // if exception is thrown, use default
434  }
435  }
436  }
437 
438  return isset($_SESSION[$name]);
439  }
440 
449  public function setVariable($name, $value)
450  {
451  if (defined('OXID_PHP_UNIT')) {
452  if (isset(modSession::$unitMOD) && is_object(modSession::$unitMOD)) {
453  try {
454  return modSession::getInstance()->setVar($name, $value);
455  } catch (Exception $e) {
456  // if exception is thrown, use default
457  }
458  }
459  }
460 
461  $_SESSION[$name] = $value;
462  //logger( "set sessionvar : $name -> $value");
463  }
464 
472  public function getVariable($name)
473  {
474  if (defined('OXID_PHP_UNIT')) {
475  if (isset(modSession::$unitMOD) && is_object(modSession::$unitMOD)) {
476  try {
477  return modSession::getInstance()->getVar($name);
478  } catch (Exception $e) {
479  // if exception is thrown, use default
480  }
481  }
482  }
483 
484  if (isset($_SESSION[$name])) {
485  return $_SESSION[$name];
486  } else {
487  return null;
488  }
489  }
490 
498  public function deleteVariable($name)
499  {
500  if (defined('OXID_PHP_UNIT')) {
501  if (isset(modSession::$unitMOD) && is_object(modSession::$unitMOD)) {
502  try {
503  return modSession::getInstance()->setVar($name, null);
504  } catch (Exception $e) {
505  // if exception is thrown, use default
506  }
507  }
508  }
509 
510  $_SESSION[$name] = null;
511  //logger( "delete sessionvar : $name");
512  unset($_SESSION[$name]);
513  }
514 
524  public function sid($blForceSid = false)
525  {
526  $myConfig = $this->getConfig();
527  $blUseCookies = $this->_getSessionUseCookies();
528  $sRet = '';
529 
530  $blDisableSid = oxRegistry::getUtils()->isSearchEngine()
531  && is_array($myConfig->getConfigParam('aCacheViews'))
532  && !$this->isAdmin();
533 
534  //no cookie?
535  if (!$blDisableSid && $this->getId() && ($blForceSid || !$blUseCookies || !$this->_getCookieSid())) {
536  $sRet = ($blForceSid ? $this->getForcedName() : $this->getName()) . "=" . $this->getId();
537  }
538 
539  if ($this->isAdmin()) {
540  // admin mode always has to have token
541  if ($sRet) {
542  $sRet .= '&amp;';
543  }
544  $sRet .= 'stoken=' . $this->getSessionChallengeToken();
545  }
546 
547  return $sRet;
548  }
549 
555  public function hiddenSid()
556  {
557  $sSid = $sToken = '';
558  if ($this->isSidNeeded()) {
559  $sSid = "<input type=\"hidden\" name=\"" . $this->getForcedName() . "\" value=\"" . $this->getId() . "\" />";
560  }
561  if ($this->getId()) {
562  $sToken = "<input type=\"hidden\" name=\"stoken\" value=\"" . $this->getSessionChallengeToken() . "\" />";
563  }
564 
565  return $sToken . $sSid;
566  }
567 
573  public function getBasket()
574  {
575  if ($this->_oBasket === null) {
576  $sBasket = $this->getVariable($this->_getBasketName());
577 
578  //init oxbasketitem class first
579  //#1746
580  oxNew('oxbasketitem');
581 
582  // init oxbasket through oxNew and not oxAutoload, Mantis-Bug #0004262
583  $oEmptyBasket = oxNew('oxbasket');
584 
585  $oBasket = ($sBasket && ($oBasket = unserialize($sBasket))) ? $oBasket : null;
586 
587  if (!$oBasket || (get_class($oBasket) !== get_class($oEmptyBasket))) {
588  $oBasket = $oEmptyBasket;
589  }
590 
591  $this->_validateBasket($oBasket);
592  $this->setBasket($oBasket);
593  }
594 
595  return $this->_oBasket;
596  }
597 
605  protected function _validateBasket(oxBasket $oBasket)
606  {
607  $aCurrContent = $oBasket->getContents();
608  if (empty($aCurrContent)) {
609  return;
610  }
611 
612  $iCurrLang = oxRegistry::getLang()->getBaseLanguage();
613  foreach ($aCurrContent as $oContent) {
614  if ($oContent->getLanguageId() != $iCurrLang) {
615  $oContent->setLanguageId($iCurrLang);
616  }
617  }
618  }
619 
625  public function setBasket($oBasket)
626  {
627  // sets basket session object
628  $this->_oBasket = $oBasket;
629  }
630 
634  public function delBasket()
635  {
636  $this->setBasket(null);
637  $this->deleteVariable($this->_getBasketName());
638  }
639 
645  public function isNewSession()
646  {
647  return self::$_blIsNewSession;
648  }
649 
654  public function setForceNewSession()
655  {
656  $this->_blForceNewSession = true;
657  }
658 
666  public function isSidNeeded($sUrl = null)
667  {
668  if ($this->isAdmin()) {
669  return true;
670  }
671 
672  $oConfig = $this->getConfig();
673 
674  if (!$this->_getSessionUseCookies() || ($sUrl && $this->_getCookieSid() && !$oConfig->isCurrentProtocol($sUrl))) {
675  // switching from ssl to non ssl or vice versa?
676  return true;
677  }
678 
679  if ($sUrl && !$oConfig->isCurrentUrl($sUrl)) {
680  return true;
681  } elseif ($this->_blSidNeeded === null) {
682  // setting initial state
683  $this->_blSidNeeded = false;
684 
685  // no SIDs for search engines
686  if (!oxRegistry::getUtils()->isSearchEngine()) {
687  // cookie found - SID is not needed
688  if (oxRegistry::get("oxUtilsServer")->getOxCookie($this->getName())) {
689  $this->_blSidNeeded = false;
690  } elseif ($this->_forceSessionStart()) {
691  $this->_blSidNeeded = true;
692  } else {
693  // no cookie, so must check session
694  if ($blSidNeeded = $this->getVariable('blSidNeeded')) {
695  $this->_blSidNeeded = true;
696  } elseif ($this->_isSessionRequiredAction()) {
697 
698  if (!count($_COOKIE)) {
699  $this->_blSidNeeded = true;
700 
701  // storing to session, performance..
702  $this->setVariable('blSidNeeded', $this->_blSidNeeded);
703  }
704  }
705  }
706  }
707  }
708 
709  return $this->_blSidNeeded;
710  }
711 
719  public function isActualSidInCookie()
720  {
721  $blReturn = (isset($_COOKIE[$this->getName()]) && ($_COOKIE[$this->getName()] == $this->getId()));
722 
723  return $blReturn;
724  }
725 
737  public function processUrl($sUrl)
738  {
739  $blSid = $this->isSidNeeded($sUrl);
740 
741  if ($blSid) {
742  $sSid = $this->sid($blSid);
743 
744  if ($sSid) {
745 
746  $oStr = getStr();
747  $aUrlParts = explode('#', $sUrl);
748  if (!$oStr->preg_match('/(\?|&(amp;)?)sid=/i', $aUrlParts[0]) && (false === $oStr->strpos($aUrlParts[0], $sSid))) {
749  if (!$oStr->preg_match('/(\?|&(amp;)?)$/', $sUrl)) {
750  $aUrlParts[0] .= ($oStr->strstr($aUrlParts[0], '?') !== false ? '&amp;' : '?');
751  }
752  $aUrlParts[0] .= $sSid . '&amp;';
753  }
754  $sUrl = join('#', $aUrlParts);
755  }
756  }
757 
758  return $sUrl;
759  }
760 
770  public function getRemoteAccessToken($blGenerateNew = true)
771  {
772  $sToken = $this->getVariable('_rtoken');
773  if (!$sToken && $blGenerateNew) {
774  $sToken = md5(rand() . $this->getId());
775  $sToken = substr($sToken, 0, 8);
776  $this->setVariable('_rtoken', $sToken);
777  }
778 
779  return $sToken;
780  }
781 
788  protected function _forceSessionStart()
789  {
790  return (!oxRegistry::getUtils()->isSearchEngine()) && ((( bool ) $this->getConfig()->getConfigParam('blForceSessionStart')) || $this->getConfig()->getRequestParameter("su") || $this->_blForceNewSession);
791  }
792 
798  protected function _allowSessionStart()
799  {
800  $blAllowSessionStart = true;
801  $myConfig = $this->getConfig();
802 
803  // special handling only in non-admin mode
804  if (!$this->isAdmin()) {
805  if (oxRegistry::getUtils()->isSearchEngine() || $myConfig->getRequestParameter('skipSession')) {
806  $blAllowSessionStart = false;
807  } elseif (oxRegistry::get("oxUtilsServer")->getOxCookie('oxid_' . $myConfig->getShopId() . '_autologin') === '1') {
808  $blAllowSessionStart = true;
809  } elseif (!$this->_forceSessionStart() && !oxRegistry::get("oxUtilsServer")->getOxCookie('sid_key')) {
810 
811  // session is not needed to start when it is not necessary:
812  // - no sid in request and also user executes no session connected action
813  // - no cookie set and user executes no session connected action
814  if (!oxRegistry::get("oxUtilsServer")->getOxCookie($this->getName()) &&
815  !($myConfig->getRequestParameter($this->getName()) || $myConfig->getRequestParameter($this->getForcedName())) &&
816  !$this->_isSessionRequiredAction()
817  ) {
818  $blAllowSessionStart = false;
819  }
820  }
821  }
822 
823  return $blAllowSessionStart;
824  }
825 
833  protected function _isSwappedClient()
834  {
835  $blSwapped = false;
836  $myUtilsServer = oxRegistry::get("oxUtilsServer");
837 
838  // check only for non search engines
839  if (!oxRegistry::getUtils()->isSearchEngine() && !$myUtilsServer->isTrustedClientIp() && !$this->_isValidRemoteAccessToken()) {
840 
841  $myConfig = $this->getConfig();
842 
843  // checking if session user agent matches actual
844  $blSwapped = $this->_checkUserAgent($myUtilsServer->getServerVar('HTTP_USER_AGENT'), $this->getVariable('sessionagent'));
845  if (!$blSwapped) {
846  if ($myConfig->getConfigParam('blAdodbSessionHandler')) {
847  $blSwapped = $this->_checkSid();
848  }
849 
850  if (!$blSwapped) {
851  $blDisableCookieCheck = $myConfig->getConfigParam('blDisableCookieCheck');
852  $blUseCookies = $this->_getSessionUseCookies();
853  if (!$blDisableCookieCheck && $blUseCookies) {
854  $blSwapped = $this->_checkCookies($myUtilsServer->getOxCookie('sid_key'), $this->getVariable("sessioncookieisset"));
855  }
856  }
857  }
858  }
859 
860  return $blSwapped;
861  }
862 
871  protected function _checkUserAgent($sAgent, $sExistingAgent)
872  {
873  $blCheck = false;
874 
875  // processing
876  $oUtils = oxRegistry::get("oxUtilsServer");
877  $sAgent = $oUtils->processUserAgentInfo($sAgent);
878  $sExistingAgent = $oUtils->processUserAgentInfo($sExistingAgent);
879 
880  if ($sAgent && $sAgent !== $sExistingAgent) {
881  if ($sExistingAgent) {
882  $this->_sErrorMsg = "Different browser ({$sExistingAgent}, {$sAgent}), creating new SID...<br>";
883  }
884  $blCheck = true;
885  }
886 
887  return $blCheck;
888  }
889 
895  protected function _checkSid()
896  {
897  $oDb = oxDb::getDb();
898  //matze changed sesskey to SessionID because structure of oxsession changed!!
899  $sSID = $oDb->getOne("select SessionID from oxsessions where SessionID = " . $oDb->quote($this->getId()));
900 
901  //2007-05-14
902  //we check _blNewSession as well as this may be actually new session not written to db yet
903  if (!$this->_blNewSession && (!isset($sSID) || !$sSID)) {
904  // this means, that this session has expired in the past and someone uses this sid to reactivate it
905  $this->_sErrorMsg = "Session has expired in the past and someone uses this sid to reactivate it, creating new SID...<br>";
906 
907  return true;
908  }
909 
910  return false;
911  }
912 
922  protected function _checkCookies($sCookieSid, $aSessCookieSetOnce)
923  {
924  $blSwapped = false;
925  $myConfig = $this->getConfig();
926  $sCurrUrl = $myConfig->isSsl() ? $myConfig->getSslShopUrl() : $myConfig->getShopUrl();
927 
928  $blSessCookieSetOnce = false;
929  if (is_array($aSessCookieSetOnce) && isset($aSessCookieSetOnce[$sCurrUrl])) {
930  $blSessCookieSetOnce = $aSessCookieSetOnce[$sCurrUrl];
931  }
932 
933  //if cookie was there once but now is gone it means we have to reset
934  if ($blSessCookieSetOnce && !$sCookieSid) {
935  if ($myConfig->getConfigParam('iDebug')) {
936  $this->_sErrorMsg = "Cookie not found, creating new SID...<br>";
937  $this->_sErrorMsg .= "Cookie: $sCookieSid<br>";
938  $this->_sErrorMsg .= "Session: $blSessCookieSetOnce<br>";
939  $this->_sErrorMsg .= "URL: " . $sCurrUrl . "<br>";
940  }
941  $blSwapped = true;
942  }
943 
944  //if we detect the cookie then set session var for possible later use
945  if ($sCookieSid == "oxid" && !$blSessCookieSetOnce) {
946  if (!is_array($aSessCookieSetOnce)) {
947  $aSessCookieSetOnce = array();
948  }
949 
950  $aSessCookieSetOnce[$sCurrUrl] = "ox_true";
951  $this->setVariable("sessioncookieisset", $aSessCookieSetOnce);
952  }
953 
954  //if we have no cookie then try to set it
955  if (!$sCookieSid) {
956  oxRegistry::get("oxUtilsServer")->setOxCookie('sid_key', 'oxid');
957  }
958 
959  return $blSwapped;
960  }
961 
969  protected function _setSessionId($sSessId)
970  {
971  //marking this session as new one, as it might be not writen to db yet
972  if ($sSessId && session_id() != $sSessId) {
973  $this->_blNewSession = true;
974  }
975 
976  session_id($sSessId);
977 
978  $this->setId($sSessId);
979 
980  $blUseCookies = $this->_getSessionUseCookies();
981 
982  if (!$this->_allowSessionStart()) {
983  if ($blUseCookies) {
984  oxRegistry::get("oxUtilsServer")->setOxCookie($this->getName(), null);
985  }
986 
987  return;
988  }
989 
990  if ($blUseCookies) {
991  //setting session cookie
992  oxRegistry::get("oxUtilsServer")->setOxCookie($this->getName(), $sSessId);
993  }
994  }
995 
1001  protected function _getBasketName()
1002  {
1003  $myConfig = $this->getConfig();
1004  if ($myConfig->getConfigParam('blMallSharedBasket') == 0) {
1005  return $myConfig->getShopId() . "_basket";
1006  }
1007 
1008  return "basket";
1009  }
1010 
1016  protected function _getCookieSid()
1017  {
1018  return oxRegistry::get("oxUtilsServer")->getOxCookie($this->getName());
1019  }
1020 
1027  protected function _getRequireSessionWithParams()
1028  {
1029  $aCfgArray = $this->getConfig()->getConfigParam('aRequireSessionWithParams');
1030  if (is_array($aCfgArray)) {
1031  $aDefault = $this->_aRequireSessionWithParams;
1032  foreach ($aCfgArray as $key => $val) {
1033  if (!is_array($val) && $val) {
1034  unset($aDefault[$key]);
1035  }
1036  }
1037 
1038  return array_merge_recursive($aCfgArray, $aDefault);
1039  }
1040 
1041  return $this->_aRequireSessionWithParams;
1042  }
1043 
1049  protected function _isSessionRequiredAction()
1050  {
1051  foreach ($this->_getRequireSessionWithParams() as $sParam => $aValues) {
1052  $sValue = $this->getConfig()->getRequestParameter($sParam);
1053  if (isset($sValue)) {
1054  if (is_array($aValues)) {
1055  if (isset($aValues[$sValue]) && $aValues[$sValue]) {
1056  return true;
1057  }
1058  } elseif ($aValues) {
1059  return true;
1060  }
1061  }
1062  }
1063 
1064  return (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST');
1065  }
1066 
1072  protected function _getSessionUseCookies()
1073  {
1074  return $this->isAdmin() || $this->getConfig()->getConfigParam('blSessionUseCookies');
1075  }
1076 
1082  protected function _isValidRemoteAccessToken()
1083  {
1084  $sInputToken = $this->getConfig()->getRequestParameter('rtoken');
1085  $sToken = $this->getRemoteAccessToken(false);
1086  $blTokenEqual = !(bool) strcmp($sInputToken, $sToken);
1087  $blValid = $sInputToken && $blTokenEqual;
1088 
1089  return $blValid;
1090  }
1091 
1097  public function getBasketReservations()
1098  {
1099  if (!$this->_oBasketReservations) {
1100  $this->_oBasketReservations = oxNew('oxBasketReservation');
1101  }
1102 
1103  return $this->_oBasketReservations;
1104  }
1105 
1111  public function isHeaderSent()
1112  {
1113  return headers_sent();
1114  }
1115 
1121  public function isSessionStarted()
1122  {
1123  return $this->_blStarted;
1124  }
1125 
1126 }