Use "break" instead of "continue"

[lhc/web/wiklou.git] / includes / session / SessionInfo.php
diff --git a/includes/session/SessionInfo.php b/includes/session/SessionInfo.php

index 1b5a834..287da9d 100644 (file)
--- a/includes/session/SessionInfo.php
+++ b/includes/session/SessionInfo.php
@@ -54,6 +54,7 @@ class SessionInfo {
         private $remembered = false;
         private $forceHTTPS = false;
         private $idIsSafe = false;
+       private $forceUse = false;
  
         /** @var array|null */
         private $providerMetadata = null;
@@ -72,10 +73,15 @@ class SessionInfo {
          *    Defaults to true.
          *  - forceHTTPS: (bool) Whether to force HTTPS for this session
          *  - metadata: (array) Provider metadata, to be returned by
-        *    Session::getProviderMetadata().
+        *    Session::getProviderMetadata(). See SessionProvider::mergeMetadata()
+        *    and SessionProvider::refreshSessionInfo().
          *  - idIsSafe: (bool) Set true if the 'id' did not come from the user.
          *    Generally you'll use this from SessionProvider::newEmptySession(),
          *    and not from any other method.
+        *  - forceUse: (bool) Set true if the 'id' is from
+        *    SessionProvider::hashToSessionId() to delete conflicting session
+        *    store data instead of discarding this SessionInfo. Ignored unless
+        *    both 'provider' and 'id' are given.
          *  - copyFrom: (SessionInfo) SessionInfo to copy other data items from.
          */
         public function __construct( $priority, array $data ) {
@@ -97,6 +103,7 @@ class SessionInfo {
                                 'forceHTTPS' => $from->forceHTTPS,
                                 'metadata' => $from->providerMetadata,
                                 'idIsSafe' => $from->idIsSafe,
+                               'forceUse' => $from->forceUse,
                                 // @codeCoverageIgnoreStart
                         ];
                         // @codeCoverageIgnoreEnd
@@ -110,6 +117,7 @@ class SessionInfo {
                                 'forceHTTPS' => false,
                                 'metadata' => null,
                                 'idIsSafe' => false,
+                               'forceUse' => false,
                                 // @codeCoverageIgnoreStart
                         ];
                         // @codeCoverageIgnoreEnd
@@ -137,9 +145,11 @@ class SessionInfo {
                 if ( $data['id'] !== null ) {
                         $this->id = $data['id'];
                         $this->idIsSafe = $data['idIsSafe'];
+                       $this->forceUse = $data['forceUse'] && $this->provider;
                 } else {
                         $this->id = $this->provider->getManager()->generateSessionId();
                         $this->idIsSafe = true;
+                       $this->forceUse = false;
                 }
                 $this->priority = (int)$priority;
                 $this->userInfo = $data['userInfo'];
@@ -185,6 +195,21 @@ class SessionInfo {
                 return $this->idIsSafe;
         }
  
+       /**
+        * Force use of this SessionInfo if validation fails
+        *
+        * The normal behavior is to discard the SessionInfo if validation against
+        * the data stored in the session store fails. If this returns true,
+        * SessionManager will instead delete the session store data so this
+        * SessionInfo may still be used. This is important for providers which use
+        * deterministic IDs and so cannot just generate a random new one.
+        *
+        * @return bool
+        */
+       final public function forceUse() {
+               return $this->forceUse;
+       }
+
         /**
          * Return the priority
          * @return int