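/**
 * Initialize session handling for the current request.
 *
 * Sets the session cookie parameters (path, Secure, HttpOnly), determines the
 * session lifetime (filterable by plugins), loads the existing session when the
 * client presented the session cookie, and registers the shutdown callbacks.
 *
 * @return bool Always true.
 */
public static function init()
{
    // PHP's default cookie path is '/'. Scope the cookie to the site's base path
    // instead, so it is not sent to unrelated applications on the same host.
    // An explicit path is needed: passing null here is not treated as "use the
    // default" once the secure flag is also being set.
    $path = Site::get_path('base', true);

    // Read the option once; it is consulted twice below with different comparisons.
    $force_secure = Config::get('force_secure_session');

    // Secure is off unless one of the checks below turns it on.
    $secure = false;

    // Any truthy force_secure_session value forces the Secure flag
    // (loose comparison kept on purpose).
    if ($force_secure == true) {
        $secure = true;
    }

    // On an HTTPS request the Secure flag is set by default. IIS sets HTTPS to
    // 'off' for plain HTTP, so the value is checked, not only its presence.
    // NOTE(review): when TLS is terminated at a proxy or load balancer, the
    // backend normally does not see HTTPS set, so the flag is only applied
    // there if force_secure_session is enabled.
    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
        $secure = true;
    }

    // An explicit false (strict ===, so an unset/null option does not count)
    // switches Secure off even on HTTPS. The session cookie may then also be
    // sent over plain HTTP.
    if ($force_secure === false) {
        $secure = false;
    }

    // Apply the cookie parameters. The fifth argument enables HttpOnly so page
    // scripts cannot read the session cookie; a script-injection bug elsewhere
    // then cannot simply lift the session id. Without this argument the flag is
    // left to the session.cookie_httponly ini setting.
    // NOTE(review): the code that actually emits the cookie is outside this
    // method - confirm it uses these parameters.
    session_set_cookie_params(null, $path, null, $secure, true);

    // Start from PHP's garbage-collection lifetime and let plugins adjust it.
    $lifetime = ini_get('session.gc_maxlifetime');
    self::$lifetime = Plugins::filter('session_lifetime', $lifetime);

    //$_SESSION = new SessionStorage();

    // Resume an existing session only when the client sent the session cookie.
    // The cookie value is client-controlled.
    // NOTE(review): read() is not visible here - confirm it treats
    // self::$session_id as untrusted input (bound parameter, no concatenation).
    if (isset($_COOKIE[self::HABARI_SESSION_COOKIE_NAME])) {
        self::$session_id = $_COOKIE[self::HABARI_SESSION_COOKIE_NAME];
        self::read();
        // Remember the hash of the data as loaded.
        // NOTE(review): presumably compared at shutdown to detect changes - confirm.
        self::$stored_session_hash = self::session_data_hash();
    }

    // After the page is rendered, decide whether the session needs to be written.
    register_shutdown_function(Method::create('\\Habari\\Session', 'shutdown'));
    // Then process the write queue.
    register_shutdown_function(Method::create('\\Habari\\Session', 'process_queue'));

    return true;
}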