[bse.git] / site / cgi-bin / modules / BSE / Session.pm

package BSE::Session;
use strict;
use CGI::Cookie;
use BSE::DB;
use BSE::CfgInfo qw/custom_class/;

our $VERSION = "1.003";

sub _session_require {
  my ($cfg) = @_;

  my $class = _session_class($cfg);
  $class =~ s!::!/!g;

  return "$class.pm";
}

sub _session_class {
  my ($cfg) = @_;

  return $cfg->entry('basic', 'session_class', "Apache::Session::MySQL");
}

sub _send_session_cookie {
  my ($self, $session, $cfg) = @_;

  my $debug = $cfg->entry('debug', 'cookies');

  my $cookie_name = $cfg->entry('basic', 'cookie_name', 'sessionid');
  my %extras;
  if ($cfg->entry("basic", "http_only_session", 1)) {
    $extras{httponly} = 1;
  }
  if ($cfg->entry("basic", "secure_session")) {
    $extras{secure} = 1;
  }
  my $cookie = $self->make_cookie($cfg, $cookie_name => $session->{_session_id}, \%extras);
  BSE::Session->send_cookie($cookie);

  print STDERR "Sent cookie: $cookie\n" if $debug;

  my $custom = custom_class($cfg);
  if ($custom->can('send_session_cookie')) {
    $custom->send_session_cookie($cookie_name, $session, $session->{_session_id}, $cfg);
  }
}

sub tie_it {
  my ($self, $session, $cfg) = @_;

  my $require = _session_require($cfg);
  require $require;

  my $cookie_name = $cfg->entry('basic', 'cookie_name', 'sessionid');
  my $lifetime = $cfg->entry('basic', 'cookie_lifetime') || '+3h';
  my $debug = $cfg->entry('debug', 'cookies');
  my %cookies = fetch CGI::Cookie;
  if ($debug) {
    require Data::Dumper;
    print STDERR "Received cookies: ", Data::Dumper::Dumper(\%cookies);
  }
  my $sessionid;
  $sessionid = $cookies{$cookie_name}->value if exists $cookies{$cookie_name};

  my $dh = BSE::DB->single;
  eval {
    tie %$session, _session_class($cfg), $sessionid,
    {
     Handle=>$dh->{dbh},
     LockHandle=>$dh->{dbh}
    };
  };
  print STDERR "Error getting session: $@\n" if $@ && $debug;
  if ($@ && $@ =~ /Object does not exist/) {
    # try again
    undef $sessionid;
    tie %$session, _session_class($cfg), $sessionid,
    {
     Handle=>$dh->{dbh},
     LockHandle=>$dh->{dbh}
    };
  }
  unless ($sessionid) {
    # save the new sessionid
    $self->_send_session_cookie($session, $cfg);
  }

  if ($cfg->entry('debug', 'dump_session')) {
    require Data::Dumper;
    print STDERR Data::Dumper->Dump([ $session ], [ 'session' ]);
  }
}

sub change_cookie {
  my ($self, $session, $cfg, $sessionid, $newsession) = @_;

  #my $cookie_name = $cfg->entry('basic', 'cookie_name', 'sessionid');
  #BSE::Session->send_cookie($self->make_cookie($cfg, $cookie_name, $sessionid));
  my $dh = BSE::DB->single;
  eval {
    tie %$newsession, _session_class($cfg), $sessionid,
    {
     Handle=>$dh->{dbh},
     LockHandle=>$dh->{dbh}
    };
  };

  $self->_send_session_cookie($newsession, $cfg);
}

sub make_cookie {
  my ($self, $cfg, $name, $value, $extras) = @_;

  $extras ||= {};
  $extras->{expires} ||= $cfg->entry('basic', 'cookie_lifetime', '+3h');
  $extras->{expires} =~ /\S/ or delete $extras->{expires};
  $name = $cfg->entry('cookie names', $name, $name);
  my %opts =
    (
     -name => $name,
     -value => $value,
     -path => '/',
     map {; "-$_" => $extras->{$_} } keys %$extras,
    );
  my $domain = $ENV{HTTP_HOST};
  $domain =~ s/:\d+$//;
  $domain = $cfg->entry('basic', 'cookie_domain', $domain);
  if ($domain !~ /^\d+\.\d+\.\d+\.\d+$/) {
    $opts{"-domain"} = $domain;
  }

  return CGI::Cookie->new(%opts);
}

sub send_cookie {
  my ($class, $cookie) = @_;

  if (exists $ENV{GATEWAY_INTERFACE}
      && $ENV{GATEWAY_INTERFACE} =~ /^CGI-Perl\//) {
    my $r = Apache->request or die;
    $r->header_out('Set-Cookie' => "$cookie");
  }
  else {
    print "Set-Cookie: $cookie\n";
  }
}

sub clear {
  my ($class, $session) = @_;

  my $tie = tied(%$session);
  if ($tie) {
    $tie->delete();
  }
}

1;

=head1 NAME

BSE::Session - wrapper around Apache::Session for BSE.

=head1 SYNOPSIS

  use BSE::Session;
  use BSE::Cfg
  my %session;
  my $cfg = BSE::Cfg->new;
  BSE::Session->tie_it(\%session, $cfg);

  BSE::Session->clear($session);

=head1 DESCRIPTION

Provides a thinnish wrapper around Apache::Session, providing the interface
to BSE's database abstraction, configuration, retries and cookie setup.

=head1 KEYS

=over

=item *

cart - the customer's shopping cart, should only be set on the secure side

=item *

custom - custom values set by shopping cart processing, should only be
set on the secure side

=item *

userid - id of the logged on normal user.

=item *

adminuserid - id of the logged on admin user.

=item *

affiliate_code - id of the affiliate set by affiliate.pl

=back

=head1 AUTHOR

Tony Cook <tony@develop-help.com>

=cut
Commit	Line	Data
589b789c TC	1	package BSE::Session;
589b789c TC	2	use strict;
589b789c TC	3	use CGI::Cookie;
589b789c TC	4	use BSE::DB;
bd29e194	5	use BSE::CfgInfo qw/custom_class/;
589b789c	6
41292119	7	our $VERSION = "1.003";
cb7fd78d	8
bd29e194 TC	9	sub _session_require {
	10	my ($cfg) = @_;
	11
	12	my $class = _session_class($cfg);
	13	$class =~ s!::!/!g;
	14
	15	return "$class.pm";
	16	}
	17
	18	sub _session_class {
	19	my ($cfg) = @_;
	20
5bbf7309	21	return $cfg->entry('basic', 'session_class', "Apache::Session::MySQL");
bd29e194 TC	22	}
	23
	24	sub _send_session_cookie {
	25	my ($self, $session, $cfg) = @_;
	26
	27	my $debug = $cfg->entry('debug', 'cookies');
	28
	29	my $cookie_name = $cfg->entry('basic', 'cookie_name', 'sessionid');
dbe8a12a TC	30	my %extras;
	31	if ($cfg->entry("basic", "http_only_session", 1)) {
	32	$extras{httponly} = 1;
	33	}
	34	if ($cfg->entry("basic", "secure_session")) {
	35	$extras{secure} = 1;
	36	}
	37	my $cookie = $self->make_cookie($cfg, $cookie_name => $session->{_session_id}, \%extras);
bd29e194 TC	38	BSE::Session->send_cookie($cookie);
	39
	40	print STDERR "Sent cookie: $cookie\n" if $debug;
	41
	42	my $custom = custom_class($cfg);
	43	if ($custom->can('send_session_cookie')) {
	44	$custom->send_session_cookie($cookie_name, $session, $session->{_session_id}, $cfg);
	45	}
	46	}
589b789c	47
589b789c TC	48	sub tie_it {
589b789c TC	49	my ($self, $session, $cfg) = @_;
3c8b9c2c	50
bd29e194 TC	51	my $require = _session_require($cfg);
	52	require $require;
	53
3c8b9c2c	54	my $cookie_name = $cfg->entry('basic', 'cookie_name', 'sessionid');
589b789c	55	my $lifetime = $cfg->entry('basic', 'cookie_lifetime') \|\| '+3h';
2d873eb6	56	my $debug = $cfg->entry('debug', 'cookies');
589b789c	57	my %cookies = fetch CGI::Cookie;
2d873eb6 TC	58	if ($debug) {
	59	require Data::Dumper;
	60	print STDERR "Received cookies: ", Data::Dumper::Dumper(\%cookies);
	61	}
589b789c	62	my $sessionid;
3c8b9c2c	63	$sessionid = $cookies{$cookie_name}->value if exists $cookies{$cookie_name};
589b789c TC	64
	65	my $dh = BSE::DB->single;
	66	eval {
bd29e194	67	tie %$session, _session_class($cfg), $sessionid,
589b789c TC	68	{
	69	Handle=>$dh->{dbh},
	70	LockHandle=>$dh->{dbh}
	71	};
	72	};
505456b1	73	print STDERR "Error getting session: $@\n" if $@ && $debug;
589b789c TC	74	if ($@ && $@ =~ /Object does not exist/) {
	75	# try again
	76	undef $sessionid;
bd29e194	77	tie %$session, _session_class($cfg), $sessionid,
589b789c TC	78	{
	79	Handle=>$dh->{dbh},
	80	LockHandle=>$dh->{dbh}
	81	};
	82	}
	83	unless ($sessionid) {
bd29e194 TC	84	# save the new sessionid
bd29e194 TC	85	$self->_send_session_cookie($session, $cfg);
589b789c	86	}
4175638b TC	87
	88	if ($cfg->entry('debug', 'dump_session')) {
	89	require Data::Dumper;
	90	print STDERR Data::Dumper->Dump([ $session ], [ 'session' ]);
	91	}
589b789c TC	92	}
589b789c TC	93
6e3d2da5 TC	94	sub change_cookie {
	95	my ($self, $session, $cfg, $sessionid, $newsession) = @_;
	96
bd29e194 TC	97	#my $cookie_name = $cfg->entry('basic', 'cookie_name', 'sessionid');
bd29e194 TC	98	#BSE::Session->send_cookie($self->make_cookie($cfg, $cookie_name, $sessionid));
6e3d2da5 TC	99	my $dh = BSE::DB->single;
6e3d2da5 TC	100	eval {
bd29e194	101	tie %$newsession, _session_class($cfg), $sessionid,
6e3d2da5 TC	102	{
	103	Handle=>$dh->{dbh},
	104	LockHandle=>$dh->{dbh}
	105	};
	106	};
bd29e194 TC	107
bd29e194 TC	108	$self->_send_session_cookie($newsession, $cfg);
6e3d2da5 TC	109	}
6e3d2da5 TC	110
6a8a205a	111	sub make_cookie {
dbe8a12a	112	my ($self, $cfg, $name, $value, $extras) = @_;
6a8a205a	113
dbe8a12a	114	$extras \|\|= {};
41292119 TC	115	$extras->{expires} \|\|= $cfg->entry('basic', 'cookie_lifetime', '+3h');
41292119 TC	116	$extras->{expires} =~ /\S/ or delete $extras->{expires};
87958c2f	117	$name = $cfg->entry('cookie names', $name, $name);
6a8a205a TC	118	my %opts =
	119	(
	120	-name => $name,
	121	-value => $value,
dbe8a12a TC	122	-path => '/',
dbe8a12a TC	123	map {; "-$_" => $extras->{$_} } keys %$extras,
6a8a205a	124	);
53f53326 TC	125	my $domain = $ENV{HTTP_HOST};
	126	$domain =~ s/:\d+$//;
	127	$domain = $cfg->entry('basic', 'cookie_domain', $domain);
6a8a205a TC	128	if ($domain !~ /^\d+\.\d+\.\d+\.\d+$/) {
	129	$opts{"-domain"} = $domain;
	130	}
dbe8a12a	131
6a8a205a TC	132	return CGI::Cookie->new(%opts);
	133	}
	134
8f84f3f1 TC	135	sub send_cookie {
	136	my ($class, $cookie) = @_;
	137
	138	if (exists $ENV{GATEWAY_INTERFACE}
	139	&& $ENV{GATEWAY_INTERFACE} =~ /^CGI-Perl\//) {
	140	my $r = Apache->request or die;
	141	$r->header_out('Set-Cookie' => "$cookie");
	142	}
	143	else {
	144	print "Set-Cookie: $cookie\n";
	145	}
	146	}
	147
0966259f TC	148	sub clear {
	149	my ($class, $session) = @_;
	150
	151	my $tie = tied(%$session);
	152	if ($tie) {
	153	$tie->delete();
	154	}
	155	}
	156
589b789c	157	1;
daee3409 TC	158
	159	=head1 NAME
	160
	161	BSE::Session - wrapper around Apache::Session for BSE.
	162
	163	=head1 SYNOPSIS
	164
	165	use BSE::Session;
	166	use BSE::Cfg
	167	my %session;
	168	my $cfg = BSE::Cfg->new;
	169	BSE::Session->tie_it(\%session, $cfg);
	170
0966259f TC	171	BSE::Session->clear($session);
0966259f TC	172
daee3409 TC	173	=head1 DESCRIPTION
	174
	175	Provides a thinnish wrapper around Apache::Session, providing the interface
	176	to BSE's database abstraction, configuration, retries and cookie setup.
	177
	178	=head1 KEYS
	179
	180	=over
	181
	182	=item *
	183
	184	cart - the customer's shopping cart, should only be set on the secure side
	185
	186	=item *
	187
	188	custom - custom values set by shopping cart processing, should only be
	189	set on the secure side
	190
	191	=item *
	192
0ec4ac8a TC	193	userid - id of the logged on normal user.
	194
	195	=item *
	196
	197	adminuserid - id of the logged on admin user.
	198
	199	=item *
	200
	201	affiliate_code - id of the affiliate set by affiliate.pl
daee3409 TC	202
	203	=back
	204
	205	=head1 AUTHOR
	206
	207	Tony Cook <tony@develop-help.com>
	208
	209	=cut