session_test.module 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205
  1. <?php
  2. /**
  3. * Implements hook_menu().
  4. */
  5. function session_test_menu() {
  6. $items['session-test/get'] = array(
  7. 'title' => 'Session value',
  8. 'page callback' => '_session_test_get',
  9. 'access arguments' => array('access content'),
  10. 'type' => MENU_CALLBACK,
  11. );
  12. $items['session-test/id'] = array(
  13. 'title' => 'Session ID',
  14. 'page callback' => '_session_test_id',
  15. 'access arguments' => array('access content'),
  16. 'type' => MENU_CALLBACK,
  17. );
  18. $items['session-test/id-from-cookie'] = array(
  19. 'title' => 'Session ID from cookie',
  20. 'page callback' => '_session_test_id_from_cookie',
  21. 'access arguments' => array('access content'),
  22. 'type' => MENU_CALLBACK,
  23. );
  24. $items['session-test/set/%'] = array(
  25. 'title' => 'Set session value',
  26. 'page callback' => '_session_test_set',
  27. 'page arguments' => array(2),
  28. 'access arguments' => array('access content'),
  29. 'type' => MENU_CALLBACK,
  30. );
  31. $items['session-test/no-set/%'] = array(
  32. 'title' => 'Set session value but do not save session',
  33. 'page callback' => '_session_test_no_set',
  34. 'page arguments' => array(2),
  35. 'access arguments' => array('access content'),
  36. 'type' => MENU_CALLBACK,
  37. );
  38. $items['session-test/set-message'] = array(
  39. 'title' => 'Set message',
  40. 'page callback' => '_session_test_set_message',
  41. 'access arguments' => array('access content'),
  42. 'type' => MENU_CALLBACK,
  43. );
  44. $items['session-test/set-message-but-dont-save'] = array(
  45. 'title' => 'Set message but do not save session',
  46. 'page callback' => '_session_test_set_message_but_dont_save',
  47. 'access arguments' => array('access content'),
  48. 'type' => MENU_CALLBACK,
  49. );
  50. $items['session-test/set-not-started'] = array(
  51. 'title' => 'Set message when session is not started',
  52. 'page callback' => '_session_test_set_not_started',
  53. 'access arguments' => array('access content'),
  54. 'type' => MENU_CALLBACK,
  55. );
  56. $items['session-test/is-logged-in'] = array(
  57. 'title' => 'Check if user is logged in',
  58. 'page callback' => '_session_test_is_logged_in',
  59. 'access callback' => 'user_is_logged_in',
  60. 'type' => MENU_CALLBACK,
  61. );
  62. return $items;
  63. }
  64. /**
  65. * It's very unusual to do anything outside of a function / hook, but in this
  66. * case we want to simulate a given session.cookie_samesite setting in php.ini
  67. * or via ini_set() in settings.php. This would almost never be a good idea
  68. * outside of a test scenario.
  69. */
  70. if (isset($_SERVER['HTTP_X_SESSION_COOKIE_INI_SET'])) {
  71. if (in_array($_SERVER['HTTP_X_SESSION_COOKIE_INI_SET'], array('None', 'Lax', 'Strict', '*EMPTY*'))) {
  72. $value = ($_SERVER['HTTP_X_SESSION_COOKIE_INI_SET'] == '*EMPTY*') ? '' : $_SERVER['HTTP_X_SESSION_COOKIE_INI_SET'];
  73. ini_set('session.cookie_samesite', $value);
  74. }
  75. }
  76. /**
  77. * Implements hook_boot().
  78. */
  79. function session_test_boot() {
  80. header('X-Session-Empty: ' . intval(empty($_SESSION)));
  81. }
  82. /**
  83. * Page callback, prints the stored session value to the screen.
  84. */
  85. function _session_test_get() {
  86. if (!empty($_SESSION['session_test_value'])) {
  87. return t('The current value of the stored session variable is: %val', array('%val' => $_SESSION['session_test_value']));
  88. }
  89. else {
  90. return "";
  91. }
  92. }
  93. /**
  94. * Page callback, stores a value in $_SESSION['session_test_value'].
  95. */
  96. function _session_test_set($value) {
  97. $_SESSION['session_test_value'] = $value;
  98. return t('The current value of the stored session variable has been set to %val', array('%val' => $value));
  99. }
  100. /**
  101. * Menu callback: turns off session saving and then tries to save a value
  102. * anyway.
  103. */
  104. function _session_test_no_set($value) {
  105. drupal_save_session(FALSE);
  106. _session_test_set($value);
  107. return t('session saving was disabled, and then %val was set', array('%val' => $value));
  108. }
  109. /**
  110. * Menu callback: print the current session ID.
  111. */
  112. function _session_test_id() {
  113. // Set a value in $_SESSION, so that drupal_session_commit() will start
  114. // a session.
  115. $_SESSION['test'] = 'test';
  116. drupal_session_commit();
  117. return 'session_id:' . session_id() . "\n";
  118. }
  119. /**
  120. * Menu callback: print the current session ID as read from the cookie.
  121. */
  122. function _session_test_id_from_cookie() {
  123. return 'session_id:' . $_COOKIE[session_name()] . "\n";
  124. }
  125. /**
  126. * Menu callback, sets a message to me displayed on the following page.
  127. */
  128. function _session_test_set_message() {
  129. drupal_set_message(t('This is a dummy message.'));
  130. print t('A message was set.');
  131. // Do not return anything, so the current request does not result in a themed
  132. // page with messages. The message will be displayed in the following request
  133. // instead.
  134. }
  135. /**
  136. * Menu callback, sets a message but call drupal_save_session(FALSE).
  137. */
  138. function _session_test_set_message_but_dont_save() {
  139. drupal_save_session(FALSE);
  140. _session_test_set_message();
  141. }
  142. /**
  143. * Menu callback, stores a value in $_SESSION['session_test_value'] without
  144. * having started the session in advance.
  145. */
  146. function _session_test_set_not_started() {
  147. if (!drupal_session_will_start()) {
  148. $_SESSION['session_test_value'] = t('Session was not started');
  149. }
  150. }
  151. /**
  152. * Implements hook_user().
  153. */
  154. function session_test_user_login($edit = array(), $user = NULL) {
  155. if ($user->name == 'session_test_user') {
  156. // Exit so we can verify that the session was regenerated
  157. // before hook_user() was called.
  158. exit;
  159. }
  160. }
  161. /**
  162. * Implements hook_form_FORM_ID_alter().
  163. */
  164. function session_test_form_user_login_alter(&$form) {
  165. $form['#https'] = TRUE;
  166. }
  167. /**
  168. * Implements hook_drupal_goto_alter().
  169. *
  170. * Force the redirection to go to a non-secure page after being on a secure
  171. * page through https.php.
  172. */
  173. function session_test_drupal_goto_alter(&$path, &$options, &$http_response_code) {
  174. global $base_insecure_url, $is_https_mock;
  175. // Alter the redirect to use HTTP when using a mock HTTPS request through
  176. // https.php because form submissions would otherwise redirect to a
  177. // non-existent HTTPS site.
  178. if (!empty($is_https_mock)) {
  179. $path = $base_insecure_url . '/' . $path;
  180. }
  181. }
  182. /**
  183. * Menu callback, only available if current user is logged in.
  184. */
  185. function _session_test_is_logged_in() {
  186. return t('User is logged in.');
  187. }