[bse.git] / site / cgi-bin / modules / BSE / Session.pm

package BSE::Session;
use strict;
use CGI::Cookie;
use BSE::DB;
use BSE::CfgInfo qw/custom_class/;

our $VERSION = "1.002";

sub _session_require {
  my ($cfg) = @_;

  my $class = _session_class($cfg);
  $class =~ s!::!/!g;

  return "$class.pm";
}

sub _session_class {
  my ($cfg) = @_;

  return $cfg->entry('basic', 'session_class', "Apache::Session::MySQL");
}

sub _send_session_cookie {
  my ($self, $session, $cfg) = @_;

  my $debug = $cfg->entry('debug', 'cookies');

  my $cookie_name = $cfg->entry('basic', 'cookie_name', 'sessionid');
  my %extras;
  if ($cfg->entry("basic", "http_only_session", 1)) {
    $extras{httponly} = 1;
  }
  if ($cfg->entry("basic", "secure_session")) {
    $extras{secure} = 1;
  }
  my $cookie = $self->make_cookie($cfg, $cookie_name => $session->{_session_id}, \%extras);
  BSE::Session->send_cookie($cookie);

  print STDERR "Sent cookie: $cookie\n" if $debug;

  my $custom = custom_class($cfg);
  if ($custom->can('send_session_cookie')) {
    $custom->send_session_cookie($cookie_name, $session, $session->{_session_id}, $cfg);
  }
}

sub tie_it {
  my ($self, $session, $cfg) = @_;

  my $require = _session_require($cfg);
  require $require;

  my $cookie_name = $cfg->entry('basic', 'cookie_name', 'sessionid');
  my $lifetime = $cfg->entry('basic', 'cookie_lifetime') || '+3h';
  my $debug = $cfg->entry('debug', 'cookies');
  my %cookies = fetch CGI::Cookie;
  if ($debug) {
    require Data::Dumper;
    print STDERR "Received cookies: ", Data::Dumper::Dumper(\%cookies);
  }
  my $sessionid;
  $sessionid = $cookies{$cookie_name}->value if exists $cookies{$cookie_name};

  my $dh = BSE::DB->single;
  eval {
    tie %$session, _session_class($cfg), $sessionid,
    {
     Handle=>$dh->{dbh},
     LockHandle=>$dh->{dbh}
    };
  };
  print STDERR "Error getting session: $@\n" if $@ && $debug;
  if ($@ && $@ =~ /Object does not exist/) {
    # try again
    undef $sessionid;
    tie %$session, _session_class($cfg), $sessionid,
    {
     Handle=>$dh->{dbh},
     LockHandle=>$dh->{dbh}
    };
  }
  unless ($sessionid) {
    # save the new sessionid
    $self->_send_session_cookie($session, $cfg);
  }

  if ($cfg->entry('debug', 'dump_session')) {
    require Data::Dumper;
    print STDERR Data::Dumper->Dump([ $session ], [ 'session' ]);
  }
}

sub change_cookie {
  my ($self, $session, $cfg, $sessionid, $newsession) = @_;

  #my $cookie_name = $cfg->entry('basic', 'cookie_name', 'sessionid');
  #BSE::Session->send_cookie($self->make_cookie($cfg, $cookie_name, $sessionid));
  my $dh = BSE::DB->single;
  eval {
    tie %$newsession, _session_class($cfg), $sessionid,
    {
     Handle=>$dh->{dbh},
     LockHandle=>$dh->{dbh}
    };
  };

  $self->_send_session_cookie($newsession, $cfg);
}

sub make_cookie {
  my ($self, $cfg, $name, $value, $extras) = @_;

  $extras ||= {};
  $extras->{lifetime} ||= $cfg->entry('basic', 'cookie_lifetime') || '+3h';
  $name = $cfg->entry('cookie names', $name, $name);
  my %opts =
    (
     -name => $name,
     -value => $value,
     -path => '/',
     map {; "-$_" => $extras->{$_} } keys %$extras,
    );
  my $domain = $ENV{HTTP_HOST};
  $domain =~ s/:\d+$//;
  $domain = $cfg->entry('basic', 'cookie_domain', $domain);
  if ($domain !~ /^\d+\.\d+\.\d+\.\d+$/) {
    $opts{"-domain"} = $domain;
  }

  return CGI::Cookie->new(%opts);
}

sub send_cookie {
  my ($class, $cookie) = @_;

  if (exists $ENV{GATEWAY_INTERFACE}
      && $ENV{GATEWAY_INTERFACE} =~ /^CGI-Perl\//) {
    my $r = Apache->request or die;
    $r->header_out('Set-Cookie' => "$cookie");
  }
  else {
    print "Set-Cookie: $cookie\n";
  }
}

sub clear {
  my ($class, $session) = @_;

  my $tie = tied(%$session);
  if ($tie) {
    $tie->delete();
  }
}

1;

=head1 NAME

BSE::Session - wrapper around Apache::Session for BSE.

=head1 SYNOPSIS

  use BSE::Session;
  use BSE::Cfg
  my %session;
  my $cfg = BSE::Cfg->new;
  BSE::Session->tie_it(\%session, $cfg);

  BSE::Session->clear($session);

=head1 DESCRIPTION

Provides a thinnish wrapper around Apache::Session, providing the interface
to BSE's database abstraction, configuration, retries and cookie setup.

=head1 KEYS

=over

=item *

cart - the customer's shopping cart, should only be set on the secure side

=item *

custom - custom values set by shopping cart processing, should only be
set on the secure side

=item *

userid - id of the logged on normal user.

=item *

adminuserid - id of the logged on admin user.

=item *

affiliate_code - id of the affiliate set by affiliate.pl

=back

=head1 AUTHOR

Tony Cook <tony@develop-help.com>

=cut
Commit	Line	Data
589b789c TC	1	package BSE::Session;
589b789c TC	2	use strict;
589b789c TC	3	use CGI::Cookie;
589b789c TC	4	use BSE::DB;
bd29e194	5	use BSE::CfgInfo qw/custom_class/;
589b789c	6
5bbf7309	7	our $VERSION = "1.002";
cb7fd78d	8
bd29e194 TC	9	sub _session_require {
	10	my ($cfg) = @_;
	11
	12	my $class = _session_class($cfg);
	13	$class =~ s!::!/!g;
	14
	15	return "$class.pm";
	16	}
	17
	18	sub _session_class {
	19	my ($cfg) = @_;
	20
5bbf7309	21	return $cfg->entry('basic', 'session_class', "Apache::Session::MySQL");
bd29e194 TC	22	}
	23
	24	sub _send_session_cookie {
	25	my ($self, $session, $cfg) = @_;
	26
	27	my $debug = $cfg->entry('debug', 'cookies');
	28
	29	my $cookie_name = $cfg->entry('basic', 'cookie_name', 'sessionid');
dbe8a12a TC	30	my %extras;
	31	if ($cfg->entry("basic", "http_only_session", 1)) {
	32	$extras{httponly} = 1;
	33	}
	34	if ($cfg->entry("basic", "secure_session")) {
	35	$extras{secure} = 1;
	36	}
	37	my $cookie = $self->make_cookie($cfg, $cookie_name => $session->{_session_id}, \%extras);
bd29e194 TC	38	BSE::Session->send_cookie($cookie);
	39
	40	print STDERR "Sent cookie: $cookie\n" if $debug;
	41
	42	my $custom = custom_class($cfg);
	43	if ($custom->can('send_session_cookie')) {
	44	$custom->send_session_cookie($cookie_name, $session, $session->{_session_id}, $cfg);
	45	}
	46	}
589b789c	47
589b789c TC	48	sub tie_it {
589b789c TC	49	my ($self, $session, $cfg) = @_;
3c8b9c2c	50
bd29e194 TC	51	my $require = _session_require($cfg);
	52	require $require;
	53
3c8b9c2c	54	my $cookie_name = $cfg->entry('basic', 'cookie_name', 'sessionid');
589b789c	55	my $lifetime = $cfg->entry('basic', 'cookie_lifetime') \|\| '+3h';
2d873eb6	56	my $debug = $cfg->entry('debug', 'cookies');
589b789c	57	my %cookies = fetch CGI::Cookie;
2d873eb6 TC	58	if ($debug) {
	59	require Data::Dumper;
	60	print STDERR "Received cookies: ", Data::Dumper::Dumper(\%cookies);
	61	}
589b789c	62	my $sessionid;
3c8b9c2c	63	$sessionid = $cookies{$cookie_name}->value if exists $cookies{$cookie_name};
589b789c TC	64
	65	my $dh = BSE::DB->single;
	66	eval {
bd29e194	67	tie %$session, _session_class($cfg), $sessionid,
589b789c TC	68	{
	69	Handle=>$dh->{dbh},
	70	LockHandle=>$dh->{dbh}
	71	};
	72	};
505456b1	73	print STDERR "Error getting session: $@\n" if $@ && $debug;
589b789c TC	74	if ($@ && $@ =~ /Object does not exist/) {
	75	# try again
	76	undef $sessionid;
bd29e194	77	tie %$session, _session_class($cfg), $sessionid,
589b789c TC	78	{
	79	Handle=>$dh->{dbh},
	80	LockHandle=>$dh->{dbh}
	81	};
	82	}
	83	unless ($sessionid) {
bd29e194 TC	84	# save the new sessionid
bd29e194 TC	85	$self->_send_session_cookie($session, $cfg);
589b789c	86	}
4175638b TC	87
	88	if ($cfg->entry('debug', 'dump_session')) {
	89	require Data::Dumper;
	90	print STDERR Data::Dumper->Dump([ $session ], [ 'session' ]);
	91	}
589b789c TC	92	}
589b789c TC	93
6e3d2da5 TC	94	sub change_cookie {
	95	my ($self, $session, $cfg, $sessionid, $newsession) = @_;
	96
bd29e194 TC	97	#my $cookie_name = $cfg->entry('basic', 'cookie_name', 'sessionid');
bd29e194 TC	98	#BSE::Session->send_cookie($self->make_cookie($cfg, $cookie_name, $sessionid));
6e3d2da5 TC	99	my $dh = BSE::DB->single;
6e3d2da5 TC	100	eval {
bd29e194	101	tie %$newsession, _session_class($cfg), $sessionid,
6e3d2da5 TC	102	{
	103	Handle=>$dh->{dbh},
	104	LockHandle=>$dh->{dbh}
	105	};
	106	};
bd29e194 TC	107
bd29e194 TC	108	$self->_send_session_cookie($newsession, $cfg);
6e3d2da5 TC	109	}
6e3d2da5 TC	110
6a8a205a	111	sub make_cookie {
dbe8a12a	112	my ($self, $cfg, $name, $value, $extras) = @_;
6a8a205a	113
dbe8a12a TC	114	$extras \|\|= {};
dbe8a12a TC	115	$extras->{lifetime} \|\|= $cfg->entry('basic', 'cookie_lifetime') \|\| '+3h';
87958c2f	116	$name = $cfg->entry('cookie names', $name, $name);
6a8a205a TC	117	my %opts =
	118	(
	119	-name => $name,
	120	-value => $value,
dbe8a12a TC	121	-path => '/',
dbe8a12a TC	122	map {; "-$_" => $extras->{$_} } keys %$extras,
6a8a205a	123	);
53f53326 TC	124	my $domain = $ENV{HTTP_HOST};
	125	$domain =~ s/:\d+$//;
	126	$domain = $cfg->entry('basic', 'cookie_domain', $domain);
6a8a205a TC	127	if ($domain !~ /^\d+\.\d+\.\d+\.\d+$/) {
	128	$opts{"-domain"} = $domain;
	129	}
dbe8a12a	130
6a8a205a TC	131	return CGI::Cookie->new(%opts);
	132	}
	133
8f84f3f1 TC	134	sub send_cookie {
	135	my ($class, $cookie) = @_;
	136
	137	if (exists $ENV{GATEWAY_INTERFACE}
	138	&& $ENV{GATEWAY_INTERFACE} =~ /^CGI-Perl\//) {
	139	my $r = Apache->request or die;
	140	$r->header_out('Set-Cookie' => "$cookie");
	141	}
	142	else {
	143	print "Set-Cookie: $cookie\n";
	144	}
	145	}
	146
0966259f TC	147	sub clear {
	148	my ($class, $session) = @_;
	149
	150	my $tie = tied(%$session);
	151	if ($tie) {
	152	$tie->delete();
	153	}
	154	}
	155
589b789c	156	1;
daee3409 TC	157
	158	=head1 NAME
	159
	160	BSE::Session - wrapper around Apache::Session for BSE.
	161
	162	=head1 SYNOPSIS
	163
	164	use BSE::Session;
	165	use BSE::Cfg
	166	my %session;
	167	my $cfg = BSE::Cfg->new;
	168	BSE::Session->tie_it(\%session, $cfg);
	169
0966259f TC	170	BSE::Session->clear($session);
0966259f TC	171
daee3409 TC	172	=head1 DESCRIPTION
	173
	174	Provides a thinnish wrapper around Apache::Session, providing the interface
	175	to BSE's database abstraction, configuration, retries and cookie setup.
	176
	177	=head1 KEYS
	178
	179	=over
	180
	181	=item *
	182
	183	cart - the customer's shopping cart, should only be set on the secure side
	184
	185	=item *
	186
	187	custom - custom values set by shopping cart processing, should only be
	188	set on the secure side
	189
	190	=item *
	191
0ec4ac8a TC	192	userid - id of the logged on normal user.
	193
	194	=item *
	195
	196	adminuserid - id of the logged on admin user.
	197
	198	=item *
	199
	200	affiliate_code - id of the affiliate set by affiliate.pl
daee3409 TC	201
	202	=back
	203
	204	=head1 AUTHOR
	205
	206	Tony Cook <tony@develop-help.com>
	207
	208	=cut