Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/engine/PhabricatorAuthSessionEngine.php
| Show All 30 Lines | final class PhabricatorAuthSessionEngine extends Phobject { | ||||
| * logged in on multiple browsers at the same time, for instance). | * logged in on multiple browsers at the same time, for instance). | ||||
| * | * | ||||
| * Note that this method is transport-agnostic and does not set cookies or | * Note that this method is transport-agnostic and does not set cookies or | ||||
| * issue other types of tokens, it ONLY generates a new session key. | * issue other types of tokens, it ONLY generates a new session key. | ||||
| * | * | ||||
| * You can configure the maximum number of concurrent sessions for various | * You can configure the maximum number of concurrent sessions for various | ||||
| * session types in the Phabricator configuration. | * session types in the Phabricator configuration. | ||||
| * | * | ||||
| * @param string Session type, like "web". | * @param const Session type constant (see | ||||
| * @{class:PhabricatorAuthSession}). | |||||
| * @param phid Identity to establish a session for, usually a user PHID. | * @param phid Identity to establish a session for, usually a user PHID. | ||||
| * @return string Newly generated session key. | * @return string Newly generated session key. | ||||
| */ | */ | ||||
| public function establishSession($session_type, $identity_phid) { | public function establishSession($session_type, $identity_phid) { | ||||
| $session_table = new PhabricatorAuthSession(); | $session_table = new PhabricatorAuthSession(); | ||||
| $conn_w = $session_table->establishConnection('w'); | $conn_w = $session_table->establishConnection('w'); | ||||
| if (strpos($session_type, '-') !== false) { | if (strpos($session_type, '-') !== false) { | ||||
| throw new Exception("Session type must not contain hyphen ('-')!"); | throw new Exception("Session type must not contain hyphen ('-')!"); | ||||
| } | } | ||||
| // We allow multiple sessions of the same type, so when a caller requests | // We allow multiple sessions of the same type, so when a caller requests | ||||
| // a new session of type "web", we give them the first available session in | // a new session of type "web", we give them the first available session in | ||||
| // "web-1", "web-2", ..., "web-N", up to some configurable limit. If none | // "web-1", "web-2", ..., "web-N", up to some configurable limit. If none | ||||
| // of these sessions is available, we overwrite the oldest session and | // of these sessions is available, we overwrite the oldest session and | ||||
| // reissue a new one in its place. | // reissue a new one in its place. | ||||
| $session_limit = 1; | $session_limit = 1; | ||||
| switch ($session_type) { | switch ($session_type) { | ||||
| case 'web': | case PhabricatorAuthSession::TYPE_WEB: | ||||
| $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.web'); | $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.web'); | ||||
| break; | break; | ||||
| case 'conduit': | case PhabricatorAuthSession::TYPE_CONDUIT: | ||||
| $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.conduit'); | $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.conduit'); | ||||
| break; | break; | ||||
| default: | default: | ||||
| throw new Exception("Unknown session type '{$session_type}'!"); | throw new Exception("Unknown session type '{$session_type}'!"); | ||||
| } | } | ||||
| $session_limit = (int)$session_limit; | $session_limit = (int)$session_limit; | ||||
| if ($session_limit <= 0) { | if ($session_limit <= 0) { | ||||
| ▲ Show 20 Lines • Show All 112 Lines • Show Last 20 Lines | |||||