Sujan/Ekdant-Online-Store
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a2fa49071a
Ekdant-Online-Store/catalog/controller/startup/session.php
sujan a2fa49071a first commit
2024-08-06 18:06:00 +05:45

72 lines
2.3 KiB
PHP
Raw Blame History

<?php
namespace Opencart\Catalog\Controller\Startup;
/**
* Class Session
*
* @package Opencart\Catalog\Controller\Startup
*/
class Session extends \Opencart\System\Engine\Controller {
/**
* @return void
* @throws \Exception
*/
public function index(): void {
$session = new \Opencart\System\Library\Session($this->config->get('session_engine'), $this->registry);
$this->registry->set('session', $session);
if (isset($this->request->get['route']) && substr((string)$this->request->get['route'], 0, 4) == 'api/' && isset($this->request->get['api_token'])) {
$this->load->model('setting/api');
$this->model_setting_api->cleanSessions();
// Make sure the IP is allowed
$api_info = $this->model_setting_api->getApiByToken($this->request->get['api_token']);
if ($api_info) {
$this->session->start($this->request->get['api_token']);
$this->model_setting_api->updateSession($api_info['api_session_id']);
}
return;
}
/*
We are adding the session cookie outside of the session class as I believe
PHP messed up in a big way handling sessions. Why in the hell is it so hard to
have more than one concurrent session using cookies!
Is it not better to have multiple cookies when accessing parts of the system
that requires different cookie sessions for security reasons.
*/
// Update the session lifetime
if ($this->config->get('config_session_expire')) {
$this->config->set('session_expire', $this->config->get('config_session_expire'));
}
// Update the session SameSite
$this->config->set('session_samesite', $this->config->get('config_session_samesite'));
if (isset($this->request->cookie[$this->config->get('session_name')])) {
$session_id = $this->request->cookie[$this->config->get('session_name')];
} else {
$session_id = '';
}
$session->start($session_id);
$option = [
'expires' => time() + (int)$this->config->get('config_session_expire'),
'path' => $this->config->get('session_path'),
'secure' => $this->request->server['HTTPS'],
'httponly' => false,
'SameSite' => $this->config->get('session_samesite')
];
$this->response->addHeader('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
setcookie($this->config->get('session_name'), $session->getId(), $option);
}
}
Reference in New Issue View Git Blame Copy Permalink