JSession

Extends \JObject

Class for managing HTTP sessions

Provides access to session-state values as well as session-level settings and lifetime management methods. Based on the standard PHP session handling mechanism it provides more advanced features such as expire timeouts.

package

Joomla.Platform

subpackage

Session

since

11.1

Methods

__construct

Class constructor, overridden in descendant classes.

__construct(mixed $properties = null) 
inherited
since

11.1

Arguments

$properties

mixedEither and associative array or another object to set the initial properties of the object.

__destruct

Session object destructor

__destruct() 
since

11.1

__toString

Magic method to convert the object to a string gracefully.

__toString() : string
inherited deprecated
since

11.1

deprecated

12.3 Classes should provide their own __toString() implementation.

Response

stringThe classname.

_createId

Create a session id

_createId() : string
since

11.1

Response

stringSession ID

_createToken

Create a token-string

_createToken(integer $length = 32) : string
since

11.1

Arguments

$length

integerLength of string

Response

stringGenerated token

_setCookieParams

Set session cookie parameters

_setCookieParams() : void
since

11.1

_setCounter

Set counter of session usage

_setCounter() : boolean
since

11.1

Response

booleanTrue on success

_setOptions

Set additional session options

_setOptions( &$options) : boolean
since

11.1

Arguments

$options

Response

booleanTrue on success

_setTimers

Set the session timers

_setTimers() : boolean
since

11.1

Response

booleanTrue on success

_start

Start a session.

_start() : boolean

Creates a session (or resumes the current one based on the state of the session)

since

11.1

Response

booleantrue on success

_validate

Do some checks for security reason

_validate(boolean $restart = false) : boolean
  • timeout check (expire)
  • ip-fixiation
  • browser-fixiation

If one check failed, session data has to be cleaned.

see

http://shiflett.org/articles/the-truth-about-sessions

since

11.1

Arguments

$restart

booleanReactivate session

Response

booleanTrue on success

checkToken

Checks for a form token in the request.

checkToken(string $method = 'post') : boolean
static

Use in conjunction with JHtml::_('form.token') or JSession::getFormToken.

since

12.1

Arguments

$method

stringThe request method in which to look for the token key.

Response

booleanTrue if found and valid, false otherwise.

clear

Unset data from the session store

clear(string $name, string $namespace = 'default') : mixed
since

11.1

Arguments

$name

stringName of variable

$namespace

stringNamespace to use, default to 'default'

Response

mixedThe value from session or NULL if not set

close

Writes session data and ends session

close() : void

Session data is usually stored after your script terminated without the need to call JSession::close(), but as session data is locked to prevent concurrent writes only one script may operate on a session at any time. When using framesets together with sessions you will experience the frames loading one by one due to this locking. You can reduce the time needed to load all the frames by ending the session as soon as all changes to session variables are done.

see \session_write_close()
since

11.1

def

Sets a default value if not alreay assigned

def(string $property, mixed $default = null) : mixed
inherited
since

11.1

Arguments

$property

stringThe name of the property.

$default

mixedThe default value.

Response

mixed

destroy

Frees all session variables and destroys all data registered to a session

destroy() : boolean

This method resets the $_SESSION variable and destroys all of the data associated with the current session in its storage (file or DB). It forces new session to be started after this method is called. It does not unset the session cookie.

see \session_destroy() \session_unset()
since

11.1

Response

booleanTrue on success

fork

Create a new session and copy variables from the old one

fork() : boolean
since

11.1

Response

boolean$result true on success

get

Returns a property of the object or the default value if the property is not set.

get(string $property, mixed $default = null) : mixed
inherited
since

11.1

see \JObject::getProperties()

Arguments

$property

stringThe name of the property.

$default

mixedThe default value.

Response

mixedThe value of the property.

getError

Get the most recent error message.

getError(integer $i = null, boolean $toString = true) : string
inherited deprecated
since

11.1

see \JError
deprecated

12.3 JError has been deprecated

Arguments

$i

integerOption error index.

$toString

booleanIndicates if JError objects should return their error message.

Response

stringError message

getErrors

Return all errors, if any.

getErrors() : array
inherited deprecated
since

11.1

see \JError
deprecated

12.3 JError has been deprecated

Response

arrayArray of error messages or JErrors.

getExpire

Get expiration time in minutes

getExpire() : integer
since

11.1

Response

integerThe session expiration time in minutes

getFormToken

Method to determine a hash for anti-spoofing variable names

getFormToken(boolean $forceNew = false) : string
static
since

11.1

Arguments

$forceNew

booleanIf true, force a new token to be created

Response

stringHashed var name

getId

Get session id

getId() : string
since

11.1

Response

stringThe session name

getInstance

Returns the global Session object, only creating it if it doesn't already exist.

getInstance(string $handler, array $options) : \JSession
static
since

11.1

Arguments

$handler

stringThe type of session handler.

$options

arrayAn array of configuration options.

Response

\JSessionThe Session object.

getName

Get session name

getName() : string
since

11.1

Response

stringThe session name

getProperties

Returns an associative array of object properties.

getProperties(boolean $public = true) : array
inherited
since

11.1

see \JObject::get()

Arguments

$public

booleanIf true, returns only the public properties.

Response

array

getState

Get current state of session

getState() : string
since

11.1

Response

stringThe session state

getStores

Get the session handlers

getStores() : array
static
since

11.1

Response

arrayAn array of available session handlers

getToken

Get a session token, if a token isn't set yet one will be generated.

getToken(boolean $forceNew = false) : string

Tokens are used to secure forms from spamming attacks. Once a token has been generated the system will check the post request to see if it is present, if not it will invalidate the session.

since

11.1

Arguments

$forceNew

booleanIf true, force a new token to be created

Response

stringThe session token

has

Check whether data exists in the session store

has(string $name, string $namespace = 'default') : boolean
since

11.1

Arguments

$name

stringName of variable

$namespace

stringNamespace to use, default to 'default'

Response

booleanTrue if the variable exists

hasToken

Method to determine if a token exists in the session. If not the session will be set to expired

hasToken(string $tCheck, boolean $forceExpire = true) : boolean
since

11.1

Arguments

$tCheck

stringHashed token to be verified

$forceExpire

booleanIf true, expires the session

Response

boolean

isNew

Check whether this session is currently created

isNew() : boolean
since

11.1

Response

booleanTrue on success.

restart

Restart an expired or locked session.

restart() : boolean
see \destroy
since

11.1

Response

booleanTrue on success

set

Modifies a property of the object, creating it if it does not already exist.

set(string $property, mixed $value = null) : mixed
inherited
since

11.1

Arguments

$property

stringThe name of the property.

$value

mixedThe value of the property to set.

Response

mixedPrevious value of the property.

setError

Add an error message.

setError(string $error) : void
inherited deprecated
since

11.1

see \JError
deprecated

12.3 JError has been deprecated

Arguments

$error

stringError message.

setProperties

Set the object properties based on a named array/hash.

setProperties(mixed $properties) : boolean
inherited
since

11.1

see \JObject::set()

Arguments

$properties

mixedEither an associative array or another object.

Response

boolean

toString

Converts the object to a string (the class name).

toString() : string
inherited deprecated
since

11.1

deprecated

12.1 Use magic method __toString()

see \JObject::__toString()

Response

string

Properties

_state

Internal state.

One of 'active'|'expired'|'destroyed'|'error'

see \JSession::getState()
since

11.1

Type(s)

string

_expire

Maximum age of unused session in minutes

since

11.1

Type(s)

string

_store

The session store object.

since

11.1

Type(s)

\JSessionStorage

_security

Security policy.

List of checks that will be done.

Default values:

  • fix_browser
  • fix_adress
since

11.1

Type(s)

array

_force_ssl

Force cookies to be SSL only Default false

since

11.1

Type(s)

boolean

instance

JSession instances container.

static
since

11.3

Type(s)

\JSession

_errors

An array of error messages or Exception objects.

inherited deprecated
since

11.1

see \JError
deprecated

12.3 JError has been deprecated

Type(s)

array