 |
Moodle PHP Documentation 5.1
Moodle 5.1dev (Build: 20250711) (9addea9f0ac)
|
|
Moodle PHP Documentation 5.1
Moodle 5.1dev (Build: 20250711) (9addea9f0ac)
|
Static Public Member Functions | |
| static | add_session (int $userid) |
| Insert new empty session record. | |
| static | apply_concurrent_login_limit ($userid, $sid=null) |
| Terminate other sessions of current user depending on $CFG->limitconcurrentlogins restriction. | |
| static | check_mutated_closed_session () |
| Checks if the session has been mutated since it was closed. | |
| static | cleanup_recent_session_locks () |
| Reset recent session locks array if there is a time gap more than SESSION_RESET_GAP_THRESHOLD. | |
| static | destroy (string $id) |
| Destroy a specific session and delete this session record for this session id. | |
| static | destroy_all () |
| Destroy all sessions, and delete all the session data. | |
| static | destroy_by_auth_plugin (string $pluginname) |
| Destroy all sessions for a given plugin. | |
| static | destroy_user_sessions ($userid, $keepsid=null) |
| Destroy all sessions of given user unconditionally. | |
| static | display_blocking_page () |
| Display the page which blocks other pages. | |
| static | gc (int $maxlifetime=0) |
| Periodic timed-out session cleanup. | |
| static | get_handler_class () |
| Get fully qualified name of session handler class. | |
| static | get_locked_page_at ($time) |
| Get the page that blocks other pages at a specific timestamp. | |
| static | get_login_token () |
| Get the current login token or generate a new one. | |
| static | get_performance_info () |
| Returns current page performance info. | |
| static | get_realuser () |
| Returns the $USER object ignoring current login-as session. | |
| static | get_recent_session_locks () |
| Get the recent session locks array. | |
| static | get_session_by_sid (string $sid) |
| Returns a single session record for this session id. | |
| static | get_session_lock_info () |
| Get session lock info of the current page. | |
| static | get_sessions_by_userid (int $userid) |
| Returns all the session records for this user id. | |
| static | init_empty_session (?bool $newsid=null) |
| Empty current session, fill it with not-logged-in user info. | |
| static | is_loggedinas () |
| Is current $USER logged-in-as somebody else? | |
| static | keepalive ($identifier='sessionerroruser', $component='error', $frequency=null, $timeout=0) |
| Add a JS session keepalive to the page. | |
| replacement static | kill_all_sessions () |
| replacement static | kill_session ($sid) |
| replacement static | kill_sessions_for_auth_plugin (string $pluginname) |
| replacement static | kill_user_sessions ($userid, $keepsid=null) |
| static | login_user (\stdClass $user) |
| Login user, to be called from complete_user_login() only. | |
| static | loginas ($userid, context $context, $generateevent=true) |
| Login as another user - no security checks here. | |
| static | restart_with_write_lock (bool $readonlysession) |
| If the current session is not writeable, abort it, and re-open it requesting (and blocking) until a write lock is acquired. | |
| static | session_exists ($sid) |
| Does the PHP session with given id exist? | |
| static | sessionlock_debugging () |
| Display debugging info about slow and blocked script. | |
| static | set_user (\stdClass $user) |
| Set current user. | |
| static | start () |
| Start user session. | |
| static | terminate_current () |
| Terminate current user session. | |
| static | time_remaining ($sid) |
| Return the number of seconds remaining in the current session. | |
| static | touch_session ($sid) |
| Fake last access for given session, this prevents session timeout. | |
| static | update_recent_session_locks ($sessionlock) |
| Updates the recent session locks. | |
| static | update_session (\stdClass $record) |
| Update a session record. | |
| static | validate_login_token ($token=false) |
| Check the submitted value against the stored login token. | |
| static | write_close () |
| No more changes in session expected. | |
Public Attributes | |
| replacement | : 'destroy_all' |
| Terminate all sessions unconditionally. | |
| replacement | : 'destroy' |
| Terminate give session unconditionally. | |
| replacement | : 'destroy_by_auth_plugin' |
| Kill sessions of users with disabled plugins. | |
| replacement | : 'destroy_user_sessions' |
| Terminate all sessions of given user unconditionally. | |
| int const | MAXIMUM_STORED_SESSION_HISTORY = 50 |
| A hard cutoff of maximum stored history. | |
| int const | SESSION_RESET_GAP_THRESHOLD = 1 |
| The recent session locks array is reset if there is a time gap more than this value in seconds. | |
| replacement | since: '4.5' |
Static Protected Member Functions | |
| static | check_security () |
| Do various session security checks. | |
| static | initialise_user_session ($newsid) |
| Initialise $_SESSION, handles google access and sets up not-logged-in user properly. | |
| static | load_handler () |
| Create handler instance. | |
| static | prepare_cookies () |
| Make sure all cookie and session related stuff is configured properly before session start. | |
Static Protected Attributes | |
| static handler | $handler |
| $handler active session handler instance | |
| static string | $logintokenkey = 'core_auth_login' |
| $logintokenkey Key used to get and store request protection for login form. | |
| static bool | $sessionactive = null |
| $sessionactive Is the session active? | |
|
static |
Insert new empty session record.
| int | $userid |
| stdClass | the new record |
|
static |
Terminate other sessions of current user depending on $CFG->limitconcurrentlogins restriction.
This is expected to be called right after complete_user_login().
NOTE:
| int | $userid | |
| string | $sid | session id to be always keep, usually the current one |
| void |
|
static |
Checks if the session has been mutated since it was closed.
In write_close the session is saved to the variable $sessionatclose If there is a difference between $sessionatclose and the current session, it means a script has erroneously closed the session too early. Script is usually called in shutdown_manager
|
staticprotected |
Do various session security checks.
WARNING: $USER and $SESSION are set up later, do not use them yet!
| core\session\exception |
|
static |
Destroy a specific session and delete this session record for this session id.
| string | $id |
| bool |
|
static |
Destroy all sessions, and delete all the session data.
| bool |
|
static |
Destroy all sessions for a given plugin.
Typically used when a plugin is disabled or uninstalled, so all sessions (users) for that plugin are logged out.
| string | $pluginname | Auth plugin name. |
|
static |
Destroy all sessions of given user unconditionally.
| int | $userid | |
| string | $keepsid | keep this sid if present |
|
static |
Display the page which blocks other pages.
| string |
|
static |
Periodic timed-out session cleanup.
| int | $maxlifetime | Sessions that have not updated for the last max_lifetime seconds will be removed. |
| void |
|
static |
Get fully qualified name of session handler class.
| string | The name of the handler class |
|
static |
Get the page that blocks other pages at a specific timestamp.
Look for a page whose lock was gained before that timestamp, and released after that timestamp.
| float | $time | Time before session lock starts. |
| array|null |
|
static |
Get the current login token or generate a new one.
All login forms generated from Moodle must include a login token named "logintoken" with the value being the result of this function. Logins will be rejected if they do not include this token as well as the username and password fields.
| string | The current login token. |
|
static |
Returns current page performance info.
| array | perf info |
|
static |
Returns the $USER object ignoring current login-as session.
| stdClass | user object |
|
static |
Get the recent session locks array.
| array | Recent session locks array. |
|
static |
Returns a single session record for this session id.
| string | $sid |
| stdClass |
|
static |
Get session lock info of the current page.
| array |
|
static |
Returns all the session records for this user id.
| int | $userid |
| array |
|
static |
Empty current session, fill it with not-logged-in user info.
This is intended for installation scripts, unit tests and other special areas. Do NOT use for logout and session termination in normal requests!
| mixed | $newsid | only used after initialising a user session, is this a new user session? |
|
staticprotected |
Initialise $_SESSION, handles google access and sets up not-logged-in user properly.
WARNING: $USER and $SESSION are set up later, do not use them yet!
| bool | $newsid | is this a new session in first http request? |
|
static |
Is current $USER logged-in-as somebody else?
| bool |
|
static |
Add a JS session keepalive to the page.
A JS session keepalive script will be called to update the session modification time every $frequency seconds.
Upon failure, the specified error message will be shown to the user.
| string | $identifier | The string identifier for the message to show on failure. |
| string | $component | The string component for the message to show on failure. |
| int | $frequency | The update frequency in seconds. |
| int | $timeout | The timeout of each request in seconds. |
| coding_exception | IF the frequency is longer than the session lifetime. |
|
static |
Login user, to be called from complete_user_login() only.
| stdClass | $user |
|
static |
Login as another user - no security checks here.
| int | $userid | |
| context | $context | |
| bool | $generateevent | Set to false to prevent the loginas event to be generated |
| void |
|
static |
If the current session is not writeable, abort it, and re-open it requesting (and blocking) until a write lock is acquired.
If current session was already opened with an intentional write lock, this call will not do anything. NOTE: Even when using a session handler that does not support non-locking sessions, if the original session was not opened with the explicit intention of being locked, this will still restart your session so that code behaviour matches as closely as practical across environments.
| bool | $readonlysession | Used by debugging logic to determine if whatever triggered the restart (e.g., a webservice) declared itself as read only. |
|
static |
Does the PHP session with given id exist?
The session must exist both in session table and actual session backend and the session must not be timed out.
Timeout evaluation is simplified, the auth hooks are not executed.
| string | $sid |
| bool |
|
static |
Set current user.
| stdClass | $user | record |
|
static |
Start user session.
Note: This is intended to be called only from lib/setup.php!
|
static |
Terminate current user session.
| void |
|
static |
Return the number of seconds remaining in the current session.
| string | $sid |
|
static |
Fake last access for given session, this prevents session timeout.
| string | $sid |
|
static |
Updates the recent session locks.
This function will store session lock info of all the pages visited.
| array | $sessionlock | Session lock array. |
|
static |
Update a session record.
| stdClass | $record |
| bool |
|
static |
Check the submitted value against the stored login token.
| mixed | $token | The value submitted in the login form that we are validating. If false is passed for the token, this function will always return true. |
| boolean | If the submitted token is valid. |
|
static |
No more changes in session expected.
Unblocks the sessions, other scripts may start executing in parallel.
| replacement core\session\manager::__pad0__ |
| replacement core\session\manager::__pad1__ |
Terminate give session unconditionally.
| string | $sid |
| void |
| replacement core\session\manager::__pad2__ |
Kill sessions of users with disabled plugins.
| string | $pluginname |
| void |
| replacement core\session\manager::__pad3__ |
Terminate all sessions of given user unconditionally.
| int | $userid | |
| string | $keepsid | keep this sid if present |
1.13.2