blob: ccfa6ba67a49215d3e12c715d3286193f58c4ce3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Http\Session;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\HttpFoundation\Request;
/**
* The default session strategy implementation.
*
* Supports the following strategies:
* NONE: the session is not changed
* MIGRATE: the session id is updated, attributes are kept
* INVALIDATE: the session id is updated, attributes are lost
*
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
*/
class SessionAuthenticationStrategy implements SessionAuthenticationStrategyInterface
{
const NONE = 'none';
const MIGRATE = 'migrate';
const INVALIDATE = 'invalidate';
private $strategy;
public function __construct($strategy)
{
$this->strategy = $strategy;
}
/**
* {@inheritdoc}
*/
public function onAuthentication(Request $request, TokenInterface $token)
{
switch ($this->strategy) {
case self::NONE:
return;
case self::MIGRATE:
// Destroying the old session is broken in php 5.4.0 - 5.4.10
// See php bug #63379
$destroy = PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411;
$request->getSession()->migrate($destroy);
return;
case self::INVALIDATE:
$request->getSession()->invalidate();
return;
default:
throw new \RuntimeException(sprintf('Invalid session authentication strategy "%s"', $this->strategy));
}
}
}
|
