80 lines
2.4 KiB
PHP
80 lines
2.4 KiB
PHP
|
<?php
|
||
|
|
|
||
|
|
namespace Core;
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Session Configuration
|
||
|
|
*
|
||
|
|
* Handles session handler configuration and initialization
|
||
|
|
*/
|
||
|
|
class SessionConfig
|
||
|
|
{
|
||
|
|
/**
|
||
|
|
* Configure and initialize session handler
|
||
|
|
*
|
||
|
|
* Attempts to use database sessions if available, falls back to file sessions
|
||
|
|
*/
|
||
|
|
public static function configure(): void
|
||
|
|
{
|
||
|
|
try {
|
||
|
|
// Check if database sessions are available
|
||
|
|
if (self::isDatabaseSessionsAvailable()) {
|
||
|
|
$sessionLifetime = (int)($_ENV['SESSION_LIFETIME'] ?? 1440);
|
||
|
|
$handler = new DatabaseSessionHandler($sessionLifetime);
|
||
|
|
session_set_save_handler($handler, true);
|
||
|
|
}
|
||
|
|
// If not available, PHP will use default file-based sessions (no action needed)
|
||
|
|
} catch (\Exception $e) {
|
||
|
|
// Fall back to default file-based sessions
|
||
|
|
error_log("Database session handler not available, using file sessions: " . $e->getMessage());
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Check if database sessions are available
|
||
|
|
*
|
||
|
|
* @return bool True if sessions table exists and database is accessible
|
||
|
|
*/
|
||
|
|
private static function isDatabaseSessionsAvailable(): bool
|
||
|
|
{
|
||
|
|
try {
|
||
|
|
// Check if database credentials are configured
|
||
|
|
if (empty($_ENV['DB_HOST']) || empty($_ENV['DB_DATABASE'])) {
|
||
|
|
return false;
|
||
|
|
}
|
||
|
|
|
||
|
|
// Create PDO connection
|
||
|
|
$pdo = new \PDO(
|
||
|
|
"mysql:host={$_ENV['DB_HOST']};dbname={$_ENV['DB_DATABASE']}",
|
||
|
|
$_ENV['DB_USERNAME'],
|
||
|
|
$_ENV['DB_PASSWORD'],
|
||
|
|
[
|
||
|
|
\PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION,
|
||
|
|
\PDO::ATTR_DEFAULT_FETCH_MODE => \PDO::FETCH_ASSOC
|
||
|
|
]
|
||
|
|
);
|
||
|
|
|
||
|
|
// Check if sessions table exists
|
||
|
|
$stmt = $pdo->query("SHOW TABLES LIKE 'sessions'");
|
||
|
|
return $stmt->rowCount() > 0;
|
||
|
|
|
||
|
|
} catch (\Exception $e) {
|
||
|
|
// Database not available or sessions table doesn't exist
|
||
|
|
return false;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Start session with validation
|
||
|
|
*/
|
||
|
|
public static function start(): void
|
||
|
|
{
|
||
|
|
session_start();
|
||
|
|
|
||
|
|
// Validate session exists in database (for database-backed sessions)
|
||
|
|
// This ensures deleted sessions are immediately invalidated
|
||
|
|
SessionValidator::validate();
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|