private $remembered = false;
private $forceHTTPS = false;
private $idIsSafe = false;
+ private $forceUse = false;
/** @var array|null */
private $providerMetadata = null;
* Defaults to true.
* - forceHTTPS: (bool) Whether to force HTTPS for this session
* - metadata: (array) Provider metadata, to be returned by
- * Session::getProviderMetadata().
+ * Session::getProviderMetadata(). See SessionProvider::mergeMetadata()
+ * and SessionProvider::refreshSessionInfo().
* - idIsSafe: (bool) Set true if the 'id' did not come from the user.
* Generally you'll use this from SessionProvider::newEmptySession(),
* and not from any other method.
+ * - forceUse: (bool) Set true if the 'id' is from
+ * SessionProvider::hashToSessionId() to delete conflicting session
+ * store data instead of discarding this SessionInfo. Ignored unless
+ * both 'provider' and 'id' are given.
* - copyFrom: (SessionInfo) SessionInfo to copy other data items from.
*/
public function __construct( $priority, array $data ) {
'forceHTTPS' => $from->forceHTTPS,
'metadata' => $from->providerMetadata,
'idIsSafe' => $from->idIsSafe,
+ 'forceUse' => $from->forceUse,
// @codeCoverageIgnoreStart
];
// @codeCoverageIgnoreEnd
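Review bot: The `'forceUse' => $from->forceUse` entry in the copyFrom defaults carries the flag over to the copy even when the caller supplies a different 'id' in `$data`, assuming these entries are merged underneath the caller's values as the "copy other data items from" wording suggests. Because the flag tells SessionManager to delete conflicting store data rather than discard the SessionInfo, an inherited `true` on an id that did not come from SessionProvider::hashToSessionId() is worth ruling out. I would either document it on the copyFrom option, e.g. `forceUse is copied as well; pass 'forceUse' => false when overriding 'id'`, or stop inheriting it when 'id' is overridden. The array this entry belongs to starts outside the lines shown here.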
'forceHTTPS' => false,
'metadata' => null,
'idIsSafe' => false,
+ 'forceUse' => false,
// @codeCoverageIgnoreStart
];
// @codeCoverageIgnoreEnd
if ( $data['id'] !== null ) {
$this->id = $data['id'];
$this->idIsSafe = $data['idIsSafe'];
+ $this->forceUse = $data['forceUse'] && $this->provider;
} else {
$this->id = $this->provider->getManager()->generateSessionId();
$this->idIsSafe = true;
+ $this->forceUse = false;
}
$this->priority = (int)$priority;
$this->userInfo = $data['userInfo'];
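Review bot: The assignment `$this->forceUse = $data['forceUse'] && $this->provider;` accepts the flag for any caller-supplied id, independent of `idIsSafe` or of how the id was derived. The new docblock on forceUse() says a failed validation then deletes the stored session data, so a provider that sets forceUse on an id read from the request would presumably let that request clear another session's stored data; nothing in this branch guards against that. A comment at the assignment would make the contract explicit, for example `// forceUse is only valid for IDs computed by SessionProvider::hashToSessionId(), never for an ID taken from the request`. The constructor body starts and ends outside this hunk.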
return $this->idIsSafe;
}
+ /**
+ * Force use of this SessionInfo if validation fails
+ *
+ * The normal behavior is to discard the SessionInfo if validation against
+ * the data stored in the session store fails. If this returns true,
+ * SessionManager will instead delete the session store data so this
+ * SessionInfo may still be used. This is important for providers which use
+ * deterministic IDs and so cannot just generate a random new one.
+ *
+ * @return bool
+ */
+ final public function forceUse() {
+ return $this->forceUse;
+ }
+
/**
* Return the priority
* @return int