1: <?php
2: namespace Opencart\Catalog\Controller\Startup;
3: /**
4: * Class Session
5: *
6: * @package Opencart\Catalog\Controller\Startup
7: */
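class Session extends \Opencart\System\Engine\Controller {
	/**
	 * Startup hook: creates the session object, registers it in the registry and
	 * (for non-API requests) starts the session from the session cookie and
	 * re-issues that cookie.
	 *
	 * Two paths:
	 *  - API requests (`route` starts with `api/` AND an `api_token` query
	 *    parameter is present): the token is looked up in the API table and, only
	 *    if it is known, used as the session ID. No cookie and no Cache-Control
	 *    header are emitted on this path.
	 *  - Everything else: the session ID is taken from the configured session
	 *    cookie (empty string when absent), the session is started, and the
	 *    cookie is (re)issued with the configured lifetime and SameSite value.
	 *
	 * @throws \Exception propagated from the session library constructor
	 *
	 * @return void
	 */
	public function index(): void {
		$session = new \Opencart\System\Library\Session($this->config->get('session_engine'), $this->registry);
		$this->registry->set('session', $session);

		$route = (string)($this->request->get['route'] ?? '');

		if (str_starts_with($route, 'api/') && isset($this->request->get['api_token'])) {
			$this->load->model('setting/api');

			// Purge stale API sessions before resolving the supplied token.
			$this->model_setting_api->cleanSessions();

			// The token is untrusted input from the query string; it is only honoured
			// when it resolves to a row in the API table. An unknown token leaves the
			// request without a started session.
			// NOTE(review): nothing in this method checks the caller's IP against an
			// API allow-list, despite what the original comment claimed — confirm
			// that the api/* controllers (or the model) enforce it before relying on it.
			$api_info = $this->model_setting_api->getApiByToken($this->request->get['api_token']);

			if ($api_info) {
				$this->session->start($this->request->get['api_token']);

				$this->model_setting_api->updateSession($api_info['api_session_id']);
			}

			return;
		}

		/*
		 * The session cookie is set here rather than inside the session class so
		 * that the storefront and other parts of the system can use separate
		 * cookie-backed sessions; PHP's native session handling makes running
		 * more than one concurrent cookie session awkward.
		 */

		// A store-level lifetime setting overrides the framework default when present.
		if ($this->config->get('config_session_expire')) {
			$this->config->set('session_expire', $this->config->get('config_session_expire'));
		}

		// Propagate the store-level SameSite setting to the session config.
		$this->config->set('session_samesite', $this->config->get('config_session_samesite'));

		$session_name = $this->config->get('session_name');

		// The cookie value is untrusted; the session library is expected to
		// validate or regenerate the ID (not visible here — verify in Session::start()).
		$session_id = $this->request->cookie[$session_name] ?? '';

		$session->start($session_id);

		$option = [
			// Use the effective lifetime (config_session_expire when set, otherwise
			// the framework default) so an empty store setting does not produce an
			// already-expired cookie that the browser discards on every request.
			'expires'  => time() + (int)$this->config->get('session_expire'),
			'path'     => $this->config->get('session_path'),
			// Assumes the framework has already normalised HTTPS to a bool — confirm;
			// missing key falls back to a non-secure cookie rather than a PHP warning.
			'secure'   => (bool)($this->request->server['HTTPS'] ?? false),
			// NOTE(review): HttpOnly is deliberately off, which leaves the session
			// cookie readable by page scripts (XSS -> session theft). Switch it to
			// true unless front-end JavaScript provably needs the cookie value.
			'httponly' => false,
			'SameSite' => $this->config->get('session_samesite')
		];

		// Responses carrying a session cookie must not be cached by intermediaries.
		$this->response->addHeader('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');

		setcookie($session_name, $session->getId(), $option);
	}
}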
73: