Moodle PHP Documentation 4.3
Moodle 4.3.5 (Build: 20240610) (7dcfaa79f78)
|
Session manager, this is the public Moodle API for sessions. More...
Static Public Member Functions | |
static | apply_concurrent_login_limit ($userid, $sid=null) |
Terminate other sessions of current user depending on $CFG->limitconcurrentlogins restriction. | |
static | check_mutated_closed_session () |
Checks if the session has been mutated since it was closed. | |
static | cleanup_recent_session_locks () |
Reset recent session locks array if there is a time gap more than SESSION_RESET_GAP_THRESHOLD. | |
static | display_blocking_page () |
Display the page which blocks other pages. | |
static | gc () |
Periodic timed-out session cleanup. | |
static | get_handler_class () |
Get fully qualified name of session handler class. | |
static | get_locked_page_at ($time) |
Get the page that blocks other pages at a specific timestamp. | |
static | get_login_token () |
Get the current login token or generate a new one. | |
static | get_performance_info () |
Returns current page performance info. | |
static | get_realuser () |
Returns the $USER object ignoring current login-as session. | |
static | get_recent_session_locks () |
Get the recent session locks array. | |
static | get_session_lock_info () |
Get session lock info of the current page. | |
static | init_empty_session (?bool $newsid=null) |
Empty current session, fill it with not-logged-in user info. | |
static | is_loggedinas () |
Is current $USER logged-in-as somebody else? | |
static | keepalive ($identifier='sessionerroruser', $component='error', $frequency=null, $timeout=0) |
Add a JS session keepalive to the page. | |
static | kill_all_sessions () |
Terminate all sessions unconditionally. | |
static | kill_session ($sid) |
Terminate give session unconditionally. | |
static | kill_user_sessions ($userid, $keepsid=null) |
Terminate all sessions of given user unconditionally. | |
static | login_user (\stdClass $user) |
Login user, to be called from complete_user_login() only. | |
static | loginas ($userid, context $context, $generateevent=true) |
Login as another user - no security checks here. | |
static | restart_with_write_lock (bool $readonlysession) |
If the current session is not writeable, abort it, and re-open it requesting (and blocking) until a write lock is acquired. | |
static | session_exists ($sid) |
Does the PHP session with given id exist? | |
static | sessionlock_debugging () |
Display debugging info about slow and blocked script. | |
static | set_user (\stdClass $user) |
Set current user. | |
static | start () |
Start user session. | |
static | terminate_current () |
Terminate current user session. | |
static | time_remaining ($sid) |
Return the number of seconds remaining in the current session. | |
static | touch_session ($sid) |
Fake last access for given session, this prevents session timeout. | |
static | update_recent_session_locks ($sessionlock) |
Updates the recent session locks. | |
static | validate_login_token ($token=false) |
Check the submitted value against the stored login token. | |
static | write_close () |
No more changes in session expected. | |
Static Protected Member Functions | |
static | add_session_record ($userid) |
Insert new empty session record. | |
static | check_security () |
Do various session security checks. | |
static | initialise_user_session ($newsid) |
Initialise $_SESSION, handles google access and sets up not-logged-in user properly. | |
static | load_handler () |
Create handler instance. | |
static | prepare_cookies () |
Make sure all cookie and session related stuff is configured properly before session start. | |
Static Protected Attributes | |
static handler | $handler |
$handler active session handler instance | |
static string | $logintokenkey = 'core_auth_login' |
$logintokenkey Key used to get and store request protection for login form. | |
static bool | $sessionactive = null |
$sessionactive Is the session active? | |
Session manager, this is the public Moodle API for sessions.
Following PHP functions MUST NOT be used directly:
|
staticprotected |
Insert new empty session record.
int | $userid |
stdClass | the new record |
|
static |
Terminate other sessions of current user depending on $CFG->limitconcurrentlogins restriction.
This is expected to be called right after complete_user_login().
NOTE:
int | $userid | |
string | $sid | session id to be always keep, usually the current one |
void |
|
static |
Checks if the session has been mutated since it was closed.
In write_close the session is saved to the variable $sessionatclose If there is a difference between $sessionatclose and the current session, it means a script has erroneously closed the session too early. Script is usually called in shutdown_manager
|
staticprotected |
Do various session security checks.
WARNING: $USER and $SESSION are set up later, do not use them yet!
core\session\exception |
|
static |
Display the page which blocks other pages.
string |
|
static |
Get fully qualified name of session handler class.
string | The name of the handler class |
|
static |
Get the page that blocks other pages at a specific timestamp.
Look for a page whose lock was gained before that timestamp, and released after that timestamp.
float | $time | Time before session lock starts. |
array|null |
|
static |
Get the current login token or generate a new one.
All login forms generated from Moodle must include a login token named "logintoken" with the value being the result of this function. Logins will be rejected if they do not include this token as well as the username and password fields.
string | The current login token. |
|
static |
Returns current page performance info.
array | perf info |
|
static |
Returns the $USER object ignoring current login-as session.
stdClass | user object |
|
static |
Get the recent session locks array.
array | Recent session locks array. |
|
static |
Get session lock info of the current page.
array |
|
static |
Empty current session, fill it with not-logged-in user info.
This is intended for installation scripts, unit tests and other special areas. Do NOT use for logout and session termination in normal requests!
mixed | $newsid | only used after initialising a user session, is this a new user session? |
|
staticprotected |
Initialise $_SESSION, handles google access and sets up not-logged-in user properly.
WARNING: $USER and $SESSION are set up later, do not use them yet!
bool | $newsid | is this a new session in first http request? |
|
static |
Is current $USER logged-in-as somebody else?
bool |
|
static |
Add a JS session keepalive to the page.
A JS session keepalive script will be called to update the session modification time every $frequency seconds.
Upon failure, the specified error message will be shown to the user.
string | $identifier | The string identifier for the message to show on failure. |
string | $component | The string component for the message to show on failure. |
int | $frequency | The update frequency in seconds. |
int | $timeout | The timeout of each request in seconds. |
coding_exception | IF the frequency is longer than the session lifetime. |
|
static |
Terminate give session unconditionally.
string | $sid |
|
static |
Terminate all sessions of given user unconditionally.
int | $userid | |
string | $keepsid | keep this sid if present |
|
static |
Login user, to be called from complete_user_login() only.
stdClass | $user |
|
static |
Login as another user - no security checks here.
int | $userid | |
context | $context | |
bool | $generateevent | Set to false to prevent the loginas event to be generated |
void |
|
static |
If the current session is not writeable, abort it, and re-open it requesting (and blocking) until a write lock is acquired.
If current session was already opened with an intentional write lock, this call will not do anything. NOTE: Even when using a session handler that does not support non-locking sessions, if the original session was not opened with the explicit intention of being locked, this will still restart your session so that code behaviour matches as closely as practical across environments.
bool | $readonlysession | Used by debugging logic to determine if whatever triggered the restart (e.g., a webservice) declared itself as read only. |
|
static |
Does the PHP session with given id exist?
The session must exist both in session table and actual session backend and the session must not be timed out.
Timeout evaluation is simplified, the auth hooks are not executed.
string | $sid |
bool |
|
static |
Set current user.
stdClass | $user | record |
|
static |
Start user session.
Note: This is intended to be called only from lib/setup.php!
|
static |
Terminate current user session.
void |
|
static |
Return the number of seconds remaining in the current session.
string | $sid |
|
static |
Fake last access for given session, this prevents session timeout.
string | $sid |
|
static |
Updates the recent session locks.
This function will store session lock info of all the pages visited.
array | $sessionlock | Session lock array. |
|
static |
Check the submitted value against the stored login token.
mixed | $token | The value submitted in the login form that we are validating. If false is passed for the token, this function will always return true. |
boolean | If the submitted token is valid. |
|
static |
No more changes in session expected.
Unblocks the sessions, other scripts may start executing in parallel.