Airship\Engine\Bolt\Security::verifySessionCanary PHP Method

Security Trait Documentation Show file Open project: paragonie/airship

verifySessionCanary() public method

If another session triggered a password reset, we should be logged out as per the Bridge configuration. (This /is/ an optional feature.)

public verifySessionCanary ( integer $userID, boolean $logOut = true ) : boolean
$userID	integer
$logOut	boolean
return	boolean

    public function verifySessionCanary(int $userID, bool $logOut = true) : bool
    {
        if (empty($_SESSION['session_canary'])) {
            return false;
        }
        $db = \Airship\get_database();
        $canary = $db->cell('SELECT session_canary FROM airship_users WHERE userid = ?', $userID);
        if (empty($canary)) {
            $this->log('No session canary was registered with this user in the database.', LogLevel::DEBUG, ['database' => $canary, 'session' => $_SESSION['session_canary']]);
            $this->completeLogOut();
            return false;
        }
        if (!\hash_equals($canary, $_SESSION['session_canary'])) {
            $this->log('User was logged out for having the wrong canary.', LogLevel::DEBUG, ['expected' => $canary, 'possessed' => $_SESSION['session_canary']]);
            if ($logOut) {
                $this->completeLogOut();
            }
            return false;
        }
        return true;
    }

Security

can

completeLogOut

doAutoLogin

getActiveUserId

isLoggedIn

isSuperUser

tightenSecurityBolt

verifySessionCanary