public isValidSession ( string $authCookie ) : boolean | ||
$authCookie | string | |
Результат | boolean |
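/**
 * Decide whether the caller holds a valid authentication session.
 *
 * The outcome is cached in $this->validSession, so the checks run at most
 * once per instance. The token stored in the PHP session is tried first;
 * the database check against $authCookie is the fallback.
 *
 * @param string $authCookie Authentication token presented by the client.
 *
 * @throws AccessControlException When $authCookie is null.
 *
 * @return boolean True when one of the checks passes; otherwise whatever
 *                 revokeSession() returns (presumably false; confirm there).
 */
public function isValidSession($authCookie)
{
    // Only null is rejected. An empty string is not caught here and
    // continues into the checks below.
    if ($authCookie === null) {
        throw new AccessControlException('Can not validate session with an empty token.');
    }

    // Reuse the earlier verdict, positive or negative.
    if ($this->validSession !== null) {
        return $this->validSession;
    }

    $check = false;
    $sessionAuth = null;

    /** @var \Bolt\AccessControl\Token\Token $sessionAuth */
    if ($this->session->isStarted() && ($sessionAuth = $this->session->get('authentication'))) {
        $check = $this->checkSessionStored($sessionAuth);
    }

    if (!$check) {
        // Either the session keys don't match, or the session is too old
        $check = $this->checkSessionDatabase($authCookie);
    }

    if ($check) {
        return $this->validSession = true;
    }

    $this->validSession = false;

    // Log a short SHA-256 fingerprint instead of the token itself. The checks
    // that rejected it are not visible here, so the value cannot be assumed
    // dead, and debug logs are usually readable by more people than the
    // session store. The fingerprint still lets an operator correlate events.
    $tokenFingerprint = substr(hash('sha256', (string) $authCookie), 0, 12);
    $this->systemLogger->debug(
        "Clearing sessions for expired or invalid token (sha256 prefix): {$tokenFingerprint}",
        ['event' => 'authentication']
    );

    return $this->revokeSession();
}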
/**
 * Keep a logged-in user who lacks dashboard permission out of the backend:
 * a redirect that targets the dashboard is re-pointed at the homepage.
 *
 * Nothing is changed when the session is not valid, when the redirect goes
 * somewhere other than the dashboard, or when dashboard access is allowed.
 *
 * @param \Symfony\Component\HttpFoundation\RedirectResponse $response
 */
protected function handleNoBackendAccess(RedirectResponse $response)
{
    // The cast means a null session value reaches isValidSession() as '',
    // never as null.
    $sessionToken = (string) $this->session->get('authentication');
    if (!$this->authentication->isValidSession($sessionToken)) {
        return;
    }

    $dashboardUrl = $this->urlGenerator->generate('dashboard');
    $mayUseDashboard = $this->users->isAllowed('dashboard');

    // Leave the response alone unless it points at the dashboard and the
    // user is not allowed there.
    if ($response->getTargetUrl() !== $dashboardUrl || $mayUseDashboard) {
        return;
    }

    // Clear queued flash messages, then send the user to the homepage.
    $this->session->getFlashBag()->clear();
    $response->setTargetUrl($this->urlGenerator->generate('homepage'));
}