Cosession
extends AutoService
in package
implements EventSubscriberInterface
The co-session provides a long (real) session built on top of short (fake) sessions.
Within an iframe context, cookies are unreliable. The CMS creates cookies and sessions, but they only work for one page load: on the next page load, you're in a new session. These short sessions are largely pointless, but they're baked into each CMS and are cumbersome to fine-tune. To achieve session-like behavior, we need to propagate request parameters instead.
For the "iframe co-session", we sync the short-lived CMS sessions with a long-lived co-session.
- The co-session is stored separately (via Civi::cache('session')).
- The co-session is activated by a request parameter (?_cosession={JWT}) instead of a cookie.
- The request parameter is output at key moments (e.g. hook_buildForm) so that it propagates to subsequent requests.
- As the request begins (as the CMS session starts), we import data from the co-session.
- As the request finishes (as the CMS session ends), we export data back to the co-session.
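The token handling and import/export cycle described above, sketched as an added example (not CiviCRM's implementation). A hand-rolled HS256 JWT stands in for CryptoJwt and an array stands in for Civi::cache('session'); the key, the claim names and the sample data are assumptions.

```php
<?php
// Added illustration, not CiviCRM code. The key, claim names ("scope", "sid")
// and the array store are assumptions; function names mirror the method list.
const DEMO_KEY = 'constructed-demo-key-not-a-real-secret';
const DEMO_TTL = '+3 hour'; // same value as the documented $ttl default

function b64u(string $bin): string {
  return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64uDecode(string $txt): string {
  $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
  return (string) base64_decode(strtr($txt, '-_', '+/') . $pad, TRUE);
}
function createSessionId(): string {
  return b64u(random_bytes(32)); // 256 bits from the CSPRNG
}
function createToken(string $sessionId, int $now): string {
  $claims = ['exp' => strtotime(DEMO_TTL, $now), 'scope' => 'cosession', 'sid' => $sessionId];
  $signed = b64u(json_encode(['alg' => 'HS256', 'typ' => 'JWT'])) . '.' . b64u(json_encode($claims));
  return $signed . '.' . b64u(hash_hmac('sha256', $signed, DEMO_KEY, TRUE));
}
function parseToken(string $token, int $now): ?string {
  $parts = explode('.', $token);
  if (count($parts) !== 3) return NULL;
  [$head, $body, $sig] = $parts;
  // Verify the MAC in constant time before trusting any decoded field.
  $expect = b64u(hash_hmac('sha256', "$head.$body", DEMO_KEY, TRUE));
  if (!hash_equals($expect, $sig)) return NULL;
  $hdr = json_decode(b64uDecode($head), TRUE);
  $claims = json_decode(b64uDecode($body), TRUE);
  if (($hdr['alg'] ?? NULL) !== 'HS256') return NULL;           // pin the algorithm
  if (($claims['scope'] ?? NULL) !== 'cosession') return NULL;  // reject JWTs minted for other uses
  if (!is_int($claims['exp'] ?? NULL) || $claims['exp'] <= $now) return NULL;
  return is_string($claims['sid'] ?? NULL) ? $claims['sid'] : NULL;
}

$store = [];                          // stand-in for the separate co-session store
$now = 1700000000;                    // constructed clock value
$sid = createSessionId();
$token = createToken($sid, $now);     // would travel as ?_cosession={JWT}
$store[$sid] = ['userID' => 202];     // request 1 finishes: export to the co-session
$got = parseToken($token, $now + 60); // request 2 begins: token arrives as a parameter
$cms = $got === NULL ? [] : ($store[$got] ?? []); // import into the fresh CMS session
// Two failure cases: a swapped body under the original signature, and a late replay.
[$h, , $s] = explode('.', $token);
$bad = $h . '.' . b64u(json_encode(['exp' => $now + 10 ** 6, 'scope' => 'cosession', 'sid' => 'other'])) . '.' . $s;
var_dump($cms, parseToken($bad, $now + 60));
var_dump(parseToken($token, $now + 4 * 3600)); // presented after the 3 hour TTL
```

Because the token travels in the URL rather than in a cookie, it can surface in access logs and Referer headers, so the expiry and scope checks are what bound the usefulness of a leaked token.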
Table of Contents
Interfaces
- EventSubscriberInterface
Properties
- $jwt : CryptoJwt
- $sessionId : string|null
- $ttl : mixed
Methods
- export() : mixed
- Export data from the short-lived CMS session. Save it to the co-session.
- findCreateSessionId() : string|null
- getSubscribedEvents() : array<string|int, mixed>
- import() : mixed
- Get the long-lived co-session. Import data into the short-lived CMS session.
- isEmbeddable() : bool
- Determine whether the request is allowed within an iframe.
- onBuildForm() : mixed
- onInvoke() : mixed
- onRedirect() : mixed
- pickTheme() : void
- createSessionId() : string
- createToken() : string
- parseToken() : string
- rotateSessionId() : void
Properties
$jwt
protected
CryptoJwt $jwt
$sessionId
protected
string|null $sessionId = NULL
$ttl
protected
mixed $ttl = '+3 hour'
Methods
export()
Export data from the short-lived CMS session. Save it to the co-session.
public
export() : mixed
findCreateSessionId()
public
findCreateSessionId() : string|null
Return values
string|null
getSubscribedEvents()
public
static getSubscribedEvents() : array<string|int, mixed>
Return values
array<string|int, mixed>
import()
Get the long-lived co-session. Import data into the short-lived CMS session.
public
import() : mixed
isEmbeddable()
Determine whether the request is allowed within an iframe.
public
isEmbeddable(string $path) : bool
Parameters
- $path : string
  Ex: 'civicrm/foo/bar'
Return values
bool: TRUE if this path is embeddable
onBuildForm()
public
onBuildForm(mixed $formName, mixed $form) : mixed
Parameters
- $formName : mixed
- $form : mixed
onInvoke()
public
onInvoke(array<string|int, mixed> $path) : mixed
Parameters
- $path : array<string|int, mixed>
onRedirect()
public
onRedirect(UriInterface &$redirectUrl, mixed &$context) : mixed
Parameters
- $redirectUrl : UriInterface
- $context : mixed
pickTheme()
public
pickTheme(mixed &$themeKey, mixed $context) : void
Parameters
- $themeKey : mixed
- $context : mixed
createSessionId()
protected
createSessionId() : string
Return values
string
createToken()
protected
createToken(mixed $sessionId) : string
Parameters
- $sessionId : mixed
Return values
string
parseToken()
protected
parseToken(string $token) : string
Parameters
- $token : string
Return values
string
rotateSessionId()
protected
rotateSessionId() : void