Bolt\AccessControl\AccessChecker::isValidSession PHP Method

isValidSession() public method

1. If the user has a valid session and it is fresh, check it against the cookie:
   - If NOT a match, refuse
   - If a match, accept
2. If the user has a valid session and it is stale (>10 minutes), check the database records again:
   - If disabled, refuse
   - If enabled:
     - If NOT a match, refuse
     - If a match, accept and update the session data
3. If the user has no session, check the authtoken table entry (closed browser):
   - If past the validity date, refuse
   - If within the validity date, hash the username and IP against the salt and compare to the database:
     - If NOT a match, refuse
     - If a match, accept
public isValidSession ( string $authCookie ) : boolean

Parameters:
  $authCookie  string   the authentication token taken from the cookie

Returns:
  boolean  true if the session is valid, false after the session has been revoked
    public function isValidSession($authCookie)
    {
        if ($authCookie === null) {
            throw new AccessControlException('Can not validate session with an empty token.');
        }
        if ($this->validSession !== null) {
            return $this->validSession;
        }
        $check = false;
        $sessionAuth = null;
        /** @var \Bolt\AccessControl\Token\Token $sessionAuth */
        if ($this->session->isStarted() && ($sessionAuth = $this->session->get('authentication'))) {
            $check = $this->checkSessionStored($sessionAuth);
        }
        if (!$check) {
            // Either the session keys don't match, or the session is too old
            $check = $this->checkSessionDatabase($authCookie);
        }
        if ($check) {
            return $this->validSession = true;
        }
        $this->validSession = false;
        $this->systemLogger->debug("Clearing sessions for expired or invalid token: {$authCookie}", ['event' => 'authentication']);
        return $this->revokeSession();
    }
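The following is an added, self-contained PHP model of the three decision paths in the docblock above; it is not Bolt's own code, and every class, method and data name in it (SessionValidatorExample, tokenFor, matchesAuthToken, the in-memory users and authtoken arrays, the salt and the sample IPs) is a constructed assumption. It is meant to show why a stale session is re-checked against the database (a user disabled in the meantime is refused within the 10-minute window) and why a token from the authtoken table is bound to both the username and the client IP.

```php
<?php
// Added example, not Bolt's own code: a self-contained model of the three
// decision paths in the isValidSession() docblock. Every class, method and
// data name below is hypothetical, and the in-memory arrays stand in for
// Bolt's users and authtoken tables.

declare(strict_types=1);

final class SessionValidatorExample
{
    /** "Stale" threshold from the docblock: older than 10 minutes. */
    private const STALE_AFTER_SECONDS = 600;

    /** @var array<string, array{enabled: bool}> users table stand-in, keyed by username (constructed) */
    private array $users;
    /** @var array<string, array{username: string, validity: int}> authtoken table stand-in, keyed by token (constructed) */
    private array $authTokens;
    private string $salt;
    private int $now;

    public function __construct(array $users, array $authTokens, string $salt, int $now)
    {
        $this->users = $users;
        $this->authTokens = $authTokens;
        $this->salt = $salt;
        $this->now = $now;
    }

    /** Hash of username and client IP against the salt; the exact construction is this example's assumption. */
    public static function tokenFor(string $salt, string $username, string $ip): string
    {
        return hash('sha256', $salt . '|' . $username . '|' . $ip);
    }

    /**
     * @param array{username: string, token: string, checked_at: int}|null $session
     *        Session payload, passed by reference so path 2 can refresh it; null means no session (closed browser).
     */
    public function isValidSession(?array &$session, string $authCookie, string $ip): bool
    {
        if ($session !== null) {
            // Paths 1 and 2: a session exists, so the cookie must match it regardless of age.
            if (!hash_equals($session['token'], $authCookie)) {
                return false;
            }
            if ($this->now - $session['checked_at'] <= self::STALE_AFTER_SECONDS) {
                return true; // Path 1: fresh and matching.
            }
            // Path 2: stale, so re-check the user record and the stored token.
            $user = $this->users[$session['username']] ?? null;
            if ($user === null || !$user['enabled']) {
                return false;
            }
            if (!$this->matchesAuthToken($authCookie, $session['username'], $ip)) {
                return false;
            }
            $session['checked_at'] = $this->now; // "Update session data".
            return true;
        }
        // Path 3: no session, so rely on the authtoken table alone.
        $row = $this->authTokens[$authCookie] ?? null;
        if ($row === null || $row['validity'] < $this->now) {
            return false; // Unknown token, or past its validity date.
        }
        return $this->matchesAuthToken($authCookie, $row['username'], $ip);
    }

    /** Recompute hash(username, IP, salt) and compare it to the stored token in constant time. */
    private function matchesAuthToken(string $authCookie, string $username, string $ip): bool
    {
        $row = $this->authTokens[$authCookie] ?? null;
        if ($row === null || $row['username'] !== $username) {
            return false;
        }
        return hash_equals($authCookie, self::tokenFor($this->salt, $username, $ip));
    }
}

// Constructed sample data: one enabled user, one disabled user, one token each.
$now = 1700000000;
$salt = 'example-salt';
$users = ['alice' => ['enabled' => true], 'bob' => ['enabled' => false]];
$aliceToken = SessionValidatorExample::tokenFor($salt, 'alice', '203.0.113.10');
$bobToken = SessionValidatorExample::tokenFor($salt, 'bob', '203.0.113.11');
$authTokens = [
    $aliceToken => ['username' => 'alice', 'validity' => $now + 3600],
    $bobToken => ['username' => 'bob', 'validity' => $now + 3600],
];
$validator = new SessionValidatorExample($users, $authTokens, $salt, $now);

$fresh = ['username' => 'alice', 'token' => $aliceToken, 'checked_at' => $now - 60];
$stale = ['username' => 'alice', 'token' => $aliceToken, 'checked_at' => $now - 1200];
$staleBob = ['username' => 'bob', 'token' => $bobToken, 'checked_at' => $now - 1200];
$none = null;

var_dump($validator->isValidSession($fresh, $aliceToken, '203.0.113.10'));  // path 1: fresh session, cookie matches
var_dump($validator->isValidSession($fresh, 'forged', '203.0.113.10'));      // path 1: cookie does not match the session
var_dump($validator->isValidSession($stale, $aliceToken, '203.0.113.10'));  // path 2: stale, re-checked, checked_at refreshed
var_dump($validator->isValidSession($staleBob, $bobToken, '203.0.113.11')); // path 2: stale and the user is now disabled
var_dump($validator->isValidSession($none, $aliceToken, '203.0.113.10'));   // path 3: no session, authtoken row matches
var_dump($validator->isValidSession($none, $aliceToken, '198.51.100.7'));   // path 3: same token from a different IP
```

Two choices in this model are worth noting: token comparisons go through hash_equals() so the comparison time does not leak how many leading bytes matched, and the stale-session path re-reads the user record rather than trusting the session payload, which is what makes disabling an account take effect within the 10-minute window instead of at the next login.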

Usage Example

Example #1
 /**
  * When redirecting to the backend dashboard (while logged in),
  * if the user does not have access change the redirect to the homepage.
  *
  * @param \Symfony\Component\HttpFoundation\RedirectResponse $response
  */
 protected function handleNoBackendAccess(RedirectResponse $response)
 {
     $authCookie = $this->session->get('authentication');
     if (!$this->authentication->isValidSession((string) $authCookie)) {
         return;
     }
     $dashboardPath = $this->urlGenerator->generate('dashboard');
     $dashboardAccess = $this->users->isAllowed('dashboard');
     if ($response->getTargetUrl() === $dashboardPath && !$dashboardAccess) {
         $this->session->getFlashBag()->clear();
         $response->setTargetUrl($this->urlGenerator->generate('homepage'));
     }
 }