src/Eccube/Session/Storage/Handler/SameSiteNoneCompatSessionHandler.php line 37

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of EC-CUBE
  5.  *
  6.  * Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.
  7.  *
  8.  * http://www.ec-cube.co.jp/
  9.  *
  10.  * For the full copyright and license information, please view the LICENSE
  11.  * file that was distributed with this source code.
  12.  */
  14. namespace Eccube\Session\Storage\Handler;
  16. use Skorp\Dissua\SameSite;
  17. use Symfony\Component\HttpFoundation\Cookie;
  18. use Symfony\Component\HttpFoundation\Request;
  19. use Symfony\Component\HttpFoundation\Session\Storage\Handler\StrictSessionHandler;
  21. class SameSiteNoneCompatSessionHandler extends StrictSessionHandler
  22. {
  23.     /** @var \SessionHandlerInterface */
  24.     private $handler;
  25.     /** @var bool */
  26.     private $doDestroy;
  27.     /** @var string */
  28.     private $sessionName;
  29.     /** @var string|null */
  30.     private $prefetchData;
  31.     /** @var string */
  32.     private $newSessionId;
  34.     /**
  35.      *  {@inheritdoc}
  36.      */
  37.     public function __construct(\SessionHandlerInterface $handler)
  38.     {
  39.         $this->handler $handler;
  41.         ini_set('session.cookie_secure'$this->getCookieSecure());
  42.         ini_set('session.cookie_samesite'$this->getCookieSameSite());
  43.         ini_set('session.cookie_path'$this->getCookiePath());
  44.     }
  46.     /**
  47.      * {@inheritdoc}
  48.      */
  49.     public function open($savePath$sessionName)
  50.     {
  51.         $this->sessionName $sessionName;
  52.         // see https://github.com/symfony/symfony/blob/2adc85d49cbe14e346068fa7e9c2e1f08ab31de6/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php#L35-L37
  53.         if (!headers_sent() && !ini_get('session.cache_limiter') && '0' !== ini_get('session.cache_limiter')) {
  54.             header(sprintf('Cache-Control: max-age=%d, private, must-revalidate'60 * (int) ini_get('session.cache_expire')));
  55.         }
  57.         return $this->handler->open($savePath$sessionName);
  58.     }
  60.     /**
  61.      * {@inheritdoc}
  62.      */
  63.     protected function doRead($sessionId)
  64.     {
  65.         return $this->handler->read($sessionId);
  66.     }
  68.     /**
  69.      * {@inheritdoc}
  70.      */
  71.     public function updateTimestamp($sessionId$data)
  72.     {
  73.         return $this->write($sessionId$data);
  74.     }
  76.     /**
  77.      * {@inheritdoc}
  78.      */
  79.     protected function doWrite($sessionId$data)
  80.     {
  81.         return $this->handler->write($sessionId$data);
  82.     }
  84.     /**
  85.      * {@inheritdoc}
  86.      *
  87.      * @see https://github.com/symfony/symfony/blob/2adc85d49cbe14e346068fa7e9c2e1f08ab31de6/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php#L126-L167
  88.      */
  89.     public function destroy($sessionId)
  90.     {
  91.         if (\PHP_VERSION_ID 70000) {
  92.             $this->prefetchData null;
  93.         }
  94.         if (!headers_sent() && filter_var(ini_get('session.use_cookies'), FILTER_VALIDATE_BOOLEAN)) {
  95.             if (!$this->sessionName) {
  96.                 throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.'\get_class($this)));
  97.             }
  98.             $sessionCookie sprintf(' %s='urlencode($this->sessionName));
  99.             $sessionCookieWithId sprintf('%s%s;'$sessionCookieurlencode($sessionId));
  100.             $sessionCookieFound false;
  101.             $otherCookies = [];
  102.             foreach (headers_list() as $h) {
  103.                 if (!== stripos($h'Set-Cookie:')) {
  104.                     continue;
  105.                 }
  106.                 if (11 === strpos($h$sessionCookie11)) {
  107.                     $sessionCookieFound true;
  109.                     if (11 !== strpos($h$sessionCookieWithId11)) {
  110.                         $otherCookies[] = $h;
  111.                     }
  112.                 } else {
  113.                     $otherCookies[] = $h;
  114.                 }
  115.             }
  116.             if ($sessionCookieFound) {
  117.                 header_remove('Set-Cookie');
  118.                 foreach ($otherCookies as $h) {
  119.                     header($hfalse);
  120.                 }
  121.             } else {
  122.                 if (\PHP_VERSION_ID 70300) {
  123.                     setcookie($this->sessionName''0ini_get('session.cookie_path'), ini_get('session.cookie_domain'), filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN), filter_var(ini_get('session.cookie_httponly'), FILTER_VALIDATE_BOOLEAN));
  124.                 } else {
  125.                     setcookie($this->sessionName'',
  126.                               [
  127.                                   'expires' => 0,
  128.                                   'path' => $this->getCookiePath(),
  129.                                   'domain' => ini_get('session.cookie_domain'),
  130.                                   'secure' => filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN),
  131.                                   'httponly' => filter_var(ini_get('session.cookie_httponly'), FILTER_VALIDATE_BOOLEAN),
  132.                                   'samesite' => $this->getCookieSameSite(),
  133.                               ]
  134.                     );
  135.                 }
  136.             }
  137.         }
  139.         return $this->newSessionId === $sessionId || $this->doDestroy($sessionId);
  140.     }
  142.     /**
  143.      * {@inheritdoc}
  144.      */
  145.     protected function doDestroy($sessionId)
  146.     {
  147.         $this->doDestroy false;
  149.         return $this->handler->destroy($sessionId);
  150.     }
  152.     /**
  153.      * {@inheritdoc}
  154.      */
  155.     public function close()
  156.     {
  157.         return $this->handler->close();
  158.     }
  160.     /**
  161.      * @return bool
  162.      */
  163.     public function gc($maxlifetime)
  164.     {
  165.         return $this->handler->gc($maxlifetime);
  166.     }
  168.     /**
  169.      * @return string
  170.      */
  171.     public function getCookieSameSite()
  172.     {
  173.         if ($this->shouldSendSameSiteNone() && \PHP_VERSION_ID >= 70300 && $this->getCookieSecure()) {
  174.             return Cookie::SAMESITE_NONE;
  175.         }
  177.         return '';
  178.     }
  180.     /**
  181.      * @return string
  182.      */
  183.     public function getCookiePath()
  184.     {
  185.         $cookiePath env('ECCUBE_COOKIE_PATH''/');
  186.         if ($this->shouldSendSameSiteNone() && \PHP_VERSION_ID 70300 && $this->getCookieSecure()) {
  187.             return $cookiePath.'; SameSite='.Cookie::SAMESITE_NONE;
  188.         }
  190.         return $cookiePath;
  191.     }
  193.     /**
  194.      * @return string
  195.      */
  196.     public function getCookieSecure()
  197.     {
  198.         $request Request::createFromGlobals();
  200.         return $request->isSecure() ? '1' '0';
  201.     }
  203.     /**
  204.      * @return bool
  205.      */
  206.     private function shouldSendSameSiteNone()
  207.     {
  208.         $userAgent array_key_exists('HTTP_USER_AGENT'$_SERVER) ? $_SERVER['HTTP_USER_AGENT'] : null;
  210.         return SameSite::handle($userAgent);
  211.     }
  212. }