WebSVN – Moodle – Diff – /lib/classes/session/redis.php

 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
-/**
- * Redis based session handler.
- *
- * @package    core
- * @copyright  2015 Russell Smith <mr-russ@smith2001.net>
- * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
- */
 namespace core\session;
+use coding_exception;
+use core\di;
 use core\clock;
+use RedisCluster;
-use RedisException;
+use RedisClusterException;
-use RedisClusterException;
+use RedisException;
 use SessionHandlerInterface;
-/**
- * Redis based session handler.
- *
- * The default Redis session handler does not handle locking in 2.2.7, so we have written a php session handler
- * that uses locking.  The places where locking is used was modeled from the memcached code that is used in Moodle
+/**
- * https://github.com/php-memcached-dev/php-memcached/blob/master/php_memcached_session.c
+ * Redis based session handler.
+ *
  * @package    core
- * @copyright  2016 Russell Smith
+ * @copyright  Russell Smith
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
     /**
      * Compressor: PHP Zstandard.
      */
     const COMPRESSION_ZSTD      = 'zstd';
+    /** @var string Minimum server version */
+    const REDIS_MIN_SERVER_VERSION = "5.0.0";
+    /** @var string Minimum extension version */
+    const REDIS_MIN_EXTENSION_VERSION = "5.1.0";
     /** @var array $host save_path string  */
     protected array $host = [];
     /** @var int $port The port to connect to */
     protected $port = 6379;
     protected $auth = '';
     /** @var int $database the Redis database to store sesions in */
     protected $database = 0;
     /** @var array $servers list of servers parsed from save_path */
     protected $prefix = '';
+    /** @var string $sessionkeyprefix the prefix for the session key */
+    protected string $sessionkeyprefix = 'session_';
+    /** @var string $userkeyprefix the prefix for the user key */
+    protected string $userkeyprefix = 'user_';
     /** @var int $acquiretimeout how long to wait for session lock in seconds */
     protected $acquiretimeout = 120;
     /** @var int $acquirewarn how long before warning when waiting for a lock in seconds */
     protected $acquirewarn = null;
     /** @var int $lockretry how long to wait between session lock attempts in ms */
     /** @var int $compressor The compressor to use */
     protected $compressor = self::COMPRESSION_NONE;
     /** @var string $lasthash hash of the session data content */
     protected $lasthash = null;
+    /** @var int $gcbatchsize The number of redis keys that will be processed each time the garbage collector is executed. */
+    protected int $gcbatchsize = 100;
     /**
+     * How long to wait in seconds before expiring the lock automatically so that other requests may continue execution.
-     * @var int $lockexpire how long to wait in seconds before expiring the lock automatically
+     *
-     * so that other requests may continue execution, ignored if PECL redis is below version 2.2.0.
+     * @var int $lockexpire
      */
-    protected $lockexpire;
+    protected int $lockexpire;
-    /** @var Redis|RedisCluster Connection */
+    /** @var \Redis|\RedisCluster|null Connection */
-    protected $connection = null;
+    protected \Redis|\RedisCluster|null $connection = null;
     /** @var bool $clustermode Redis in cluster mode. */
     protected bool $clustermode = false;
+    /** @var int Maximum number of retries for cache store operations. */
+    protected int $maxretries = 3;
+    /** @var int $firstaccesstimeout The initial timeout (seconds) for the first browser access without login. */
+    protected int $firstaccesstimeout = 180;
+    /** @var clock A clock instance */
+    protected clock $clock;
-    /** @var int Maximum number of retries for cache store operations. */
+    /** @var int $connectiontimeout The number of seconds to wait for a connection or response from the Redis server. */
-    const MAX_RETRIES = 5;
+    protected int $connectiontimeout = 3;
     /**
         if (!empty($CFG->session_redis_serializer_use_igbinary) && defined('\Redis::SERIALIZER_IGBINARY')) {
             $this->serializer = \Redis::SERIALIZER_IGBINARY; // Set igbinary serializer if phpredis supports it.
-        }
-        // The following configures the session lifetime in redis to allow some
-        // wriggle room in the user noticing they've been booted off and
-        // letting them log back in before they lose their session entirely.
-        $updatefreq = empty($CFG->session_update_timemodified_frequency) ? 20 : $CFG->session_update_timemodified_frequency;
         $this->timeout = $CFG->sessiontimeout + $updatefreq + MINSECS;
         // This sets the Redis session lock expiry time to whatever is lower, either
+        // the PHP execution time `max_execution_time`, if the value is positive, or the
-        // the PHP execution time `max_execution_time`, if the value was defined in
+        // globally configured `sessiontimeout`.
-        // the `php.ini` or the globally configured `sessiontimeout`. Setting it to
+        //
+        // Setting it to the lower of the two will not make things worse it if the execution timeout
-        // the lower of the two will not make things worse it if the execution timeout
+        // is longer than the session timeout.
-        // is longer than the session timeout.
+        //
+        // For the PHP execution time, once the PHP execution time is over, we can be sure
-        // For the PHP execution time, once the PHP execution time is over, we can be sure
+        // that the lock is no longer actively held so that the lock can expire safely.
-        // that the lock is no longer actively held so that the lock can expire safely.
+        //
         // Although at `lib/classes/php_time_limit.php::raise(int)`, Moodle can
         // progressively increase the maximum PHP execution time, this is limited to the
         // `max_execution_time` value defined in the `php.ini`.
         // For the session timeout, we assume it is safe to consider the lock to expire
         // once the session itself expires.
+        // If we unnecessarily hold the lock any longer, it blocks other session requests.
+        $this->lockexpire = ini_get('max_execution_time');
+        if ($this->lockexpire < 0) {
+            // If the max_execution_time is set to a value lower than 0, which is invalid, use the default value.
+            // https://www.php.net/manual/en/info.configuration.php#ini.max-execution-time defines the default as 30.
+            // Note: This value is not available programatically.
+            $this->lockexpire = 30;
         // If we unnecessarily hold the lock any longer, it blocks other session requests.
+        if (empty($this->lockexpire) || ($this->lockexpire > (int)$CFG->sessiontimeout)) {
-        $this->lockexpire = ini_get('max_execution_time');
+            // The value of the max_execution_time is either unlimited (0), or higher than the session timeout.
-        if (empty($this->lockexpire) || ($this->lockexpire > (int)$CFG->sessiontimeout)) {
+            // Cap it at the session timeout.
+            $this->lockexpire = (int)$CFG->sessiontimeout;
             $this->lockexpire = (int)$CFG->sessiontimeout;
         if (isset($CFG->session_redis_lock_expire)) {
             $this->lockexpire = (int)$CFG->session_redis_lock_expire;
+        }
-        if (isset($CFG->session_redis_compressor)) {
-            $this->compressor = $CFG->session_redis_compressor;
-        }
+        if (isset($CFG->session_redis_compressor)) {
-    }
+            $this->compressor = $CFG->session_redis_compressor;
-    /**
+        }
-     * Start the session.
+        if (isset($CFG->session_redis_connection_timeout)) {
-     *
+            $this->connectiontimeout = (int)$CFG->session_redis_connection_timeout;
+        }
-     * @return bool success
-     */
+        if (isset($CFG->session_redis_max_retries)) {
-    public function start() {
-        $result = parent::start();
+            $this->maxretries = (int)$CFG->session_redis_max_retries;
-        return $result;
+        }
         $this->clock = di::get(clock::class);
     /**
      * Init session handler.
+    #[\Override]
-     */
+    public function init(): bool {
+        if (!extension_loaded('redis')) {
+            throw new exception('sessionhandlerproblem', 'error', '', null, 'redis extension is not loaded');
+        }
-    public function init() {
+        if (empty($this->host)) {
-        if (!extension_loaded('redis')) {
+            throw new exception(
-            throw new exception('sessionhandlerproblem', 'error', '', null, 'redis extension is not loaded');
                 'sessionhandlerproblem',
+                'error',
+                '',
+                null,
+                '$CFG->session_redis_host must be specified in config.php',
-        if (empty($this->host)) {
+            );
+        }
             throw new exception('sessionhandlerproblem', 'error', '', null,
-                    '$CFG->session_redis_host must be specified in config.php');
+        $version = phpversion('Redis');
         if (!$version || version_compare($version, self::REDIS_MIN_EXTENSION_VERSION) <= 0) {
             throw new exception(
                 // For a single (non-cluster) Redis, the TLS/SSL config must be added to the 'stream' key.
                 $opts['stream'] = $this->sslopts;
+            }
+        }
-        // MDL-59866: Add retries for connections (up to 5 times) to make sure it goes through.
+        // Add retries for connections to make sure it goes through.
         $counter = 1;
         $exceptionclass = $this->clustermode ? 'RedisClusterException' : 'RedisException';
-        while ($counter <= self::MAX_RETRIES) {
+        while ($counter <= $this->maxretries) {
             $this->connection = null;
             // Make a connection to Redis server(s).
             try {
+                // Create a $redis object of a RedisCluster or Redis class.
-                // Create a $redis object of a RedisCluster or Redis class.
+                $phpredisversion = phpversion('redis');
+                if ($this->clustermode) {
+                    if (version_compare($phpredisversion, '6.0.0', '>=')) {
-                if ($this->clustermode) {
+                        // Named parameters are fully supported starting from version 6.0.0.
+                        $this->connection = new \RedisCluster(
+                            name: null,
+                            seeds: $trimmedservers,
+                            timeout: $this->connectiontimeout, // Timeout.
+                            read_timeout: $this->connectiontimeout, // Read timeout.
+                            persistent: true,
-                    $this->connection = new \RedisCluster(null, $trimmedservers, 1, 1, true,
+                            auth: $this->auth,
+                            context: !empty($opts) ? $opts : null,
+                        );
+                    } else {
+                        $this->connection = new \RedisCluster(
+                            null,
+                            $trimmedservers,
+                            $this->connectiontimeout,
+                            $this->connectiontimeout,
+                            true,
+                            $this->auth,
+                            !empty($opts) ? $opts : null
+                        );
                         $this->auth, !empty($opts) ? $opts : null);
                 } else {
                     $delay = rand(100, 500);
                     $this->connection = new \Redis();
+                    if (version_compare($phpredisversion, '6.0.0', '>=')) {
+                        // Named parameters are fully supported starting from version 6.0.0.
+                        $this->connection->connect(
+                            host: $server,
+                            port: $port,
+                            timeout: $this->connectiontimeout, // Timeout.
+                            retry_interval: $delay,
+                            read_timeout: $this->connectiontimeout, // Read timeout.
+                            context: $opts,
+                        );
+                    } else {
+                        $this->connection->connect(
+                            $server,
+                            $port,
+                            $this->connectiontimeout,
+                            null,
+                            $delay,
+                            $this->connectiontimeout,
+                            $opts
+                        );
+                    }
                     $this->connection->connect($server, $port, 1, null, $delay, 1, $opts);
                     if ($this->auth !== '' && !$this->connection->auth($this->auth)) {
                         throw new $exceptionclass('Unable to authenticate.');
+                    }
                     // Use custom prefix on sessions.
                     if (!$this->connection->setOption(\Redis::OPT_PREFIX, $this->prefix)) {
                         throw new $exceptionclass('Unable to set the Redis Prefix option.');
+                    }
+                }
+                // Check the server version.
+                // The session handler requires a version of Redis server with support for SET command options (at least 2.6.12).
+                // Note: In the case of a TLS connection, the connection will hang if the phpredis client does not communicate
+                // with the server immediately after connect(). See https://github.com/phpredis/phpredis/issues/2332.
+                // This version check satisfies that requirement.
+                try {
-                if ($this->sslopts && !$this->connection->ping('Ping')) {
+                    $serverversion = $this->connection->info('server')['redis_version'];
-                    // In case of a TLS connection,
+                } catch (RedisException | RedisClusterException $e) {
-                    // if phpredis client does not communicate immediately with the server the connection hangs.
+                    // Some proxies e.g envoy or twemproxy lack support of INFO command. So just assume we meet the minimum
-                    // See https://github.com/phpredis/phpredis/issues/2332.
+                    // version requirement.
+                    $serverversion = self::REDIS_MIN_SERVER_VERSION;
+                }
+                if (version_compare($serverversion, self::REDIS_MIN_SERVER_VERSION) < 0) {
-                    throw new $exceptionclass("Ping failed");
+                    throw new $exceptionclass(sprintf(
+                        "Version %s is not supported. The minimum version required is %s.",
+                        $serverversion,
+                        self::REDIS_MIN_SERVER_VERSION,
+                    ));
+                }
                 if ($this->database !== 0) {
                     if (!$this->connection->select($this->database)) {
                         throw new $exceptionclass('Unable to select the Redis database ' . $this->database . '.');
+                    }
+                }
                 return true;
             } catch (RedisException | RedisClusterException $e) {
-                $redishost = $this->clustermode ? implode(',', $this->host) : $server. ':'. $port;
+                $redishost = $this->clustermode ? implode(',', $this->host) : $server . ':' . $port;
-                $logstring = "Failed to connect (try {$counter} out of " . self::MAX_RETRIES . ") to Redis ";
+                $logstring = "Failed to connect (try {$counter} out of " . $this->maxretries . ") to Redis ";
                 $logstring .= "at ". $redishost .", the error returned was: {$e->getMessage()}";
                 debugging($logstring);
+            }
             $counter++;
             // Introduce a random sleep between 100ms and 500ms.
         $result = session_set_save_handler($this);
         if (!$result) {
             throw new exception('redissessionhandlerproblem', 'error');
+        }
         return false;
+    }
     /**
      */
     public function close(): bool {
         $this->lasthash = null;
         try {
             foreach ($this->locks as $id => $expirytime) {
-                if ($expirytime > $this->time()) {
+                if ($expirytime > $this->clock->time()) {
                     $this->unlock_session($id);
+                }
                 unset($this->locks[$id]);
+            }
         } catch (RedisException | RedisClusterException $e) {
     /**
      * Read the session data from storage
+     *
      * @param string $id The session id to read from storage.
-     * @return string The session data for PHP to process.
+     * @return string|false The session data for PHP to process or false.
+     *
      * @throws RedisException when we are unable to talk to the Redis server.
      */
     public function read(string $id): string|false {
         try {
             if ($this->requires_write_lock()) {
-                $this->lock_session($id);
+                $this->lock_session($this->sessionkeyprefix . $id);
+            }
+            $keys = $this->connection->hmget($this->sessionkeyprefix . $id, ['userid', 'sessdata']);
-            }
+            $userid = $keys['userid'];
-            $sessiondata = $this->uncompress($this->connection->get($id));
+            $sessiondata = $this->uncompress($keys['sessdata']);
             if ($sessiondata === false) {
                 if ($this->requires_write_lock()) {
-                    $this->unlock_session($id);
+                    $this->unlock_session($this->sessionkeyprefix . $id);
+                }
                 $this->lasthash = sha1('');
+                return '';
+            }
+            // Do not update expiry if non-login user (0). This would affect the first access timeout.
-                return '';
+            if ($userid != 0) {
+                $maxlifetime = $this->get_maxlifetime($userid);
+                $this->connection->expire($this->sessionkeyprefix . $id, $maxlifetime);
                 $this->connection->expire($this->userkeyprefix . $userid, $maxlifetime);
             $this->connection->expire($id, $this->timeout);
         } catch (RedisException | RedisClusterException $e) {
             error_log('Failed talking to redis: '.$e->getMessage());
+            throw $e;
+        }
+        // Update last hash.
+        if ($sessiondata === null) {
+            // As of PHP 8.1 we can't pass null to base64_encode.
+            $sessiondata = '';
             throw $e;
         $this->lasthash = sha1(base64_encode($sessiondata));
         return $sessiondata;
+    }
     /**
      * Compresses session data.
+     *
      * @param mixed $value
      * @return string
      */
-    private function compress($value) {
+    private function compress($value): string {
         switch ($this->compressor) {
             case self::COMPRESSION_NONE:
      * @param string $id session id to write.
      * @param string $data session data
      * @return bool true on write success, false on failure
      */
     public function write(string $id, string $data): bool {
         $hash = sha1(base64_encode($data));
         // If the content has not changed don't bother writing.
         if ($hash === $this->lasthash) {
         // PHP does open, read, destroy, write, close. When a session doesn't exist.
         // There can be race conditions on new sessions racing each other but we can
         // address that in the future.
         try {
             $data = $this->compress($data);
+            $this->connection->hset($this->sessionkeyprefix . $id, 'sessdata', $data);
+            $keys = $this->connection->hmget($this->sessionkeyprefix . $id, ['userid', 'timecreated', 'timemodified']);
+            $userid = $keys['userid'];
+            // Don't update expiry if still first access.
+            if ($keys['timecreated'] != $keys['timemodified']) {
+                $maxlifetime = $this->get_maxlifetime($userid);
-            $this->connection->setex($id, $this->timeout, $data);
+                $this->connection->expire($this->sessionkeyprefix . $id, $maxlifetime);
+                $this->connection->expire($this->userkeyprefix . $userid, $maxlifetime);
+            }
         } catch (RedisException | RedisClusterException $e) {
             error_log('Failed talking to redis: '.$e->getMessage());
             return false;
+        }
         return true;
+    }
+    #[\Override]
+    public function get_session_by_sid(string $sid): \stdClass {
+        $this->init_redis_if_required();
+        $keys = ["id", "state", "sid", "userid", "sessdata", "timecreated", "timemodified", "firstip", "lastip"];
+        $sessiondata = $this->connection->hmget($this->sessionkeyprefix . $sid, $keys);
+        return (object)$sessiondata;
+    }
+    #[\Override]
+    public function add_session(int $userid): \stdClass {
+        $timestamp = $this->clock->time();
+        $sid = session_id();
+        $maxlifetime = $this->get_maxlifetime($userid, true);
+        $sessiondata = [
+            'id' => $sid,
+            'state' => '0',
+            'sid' => $sid,
+            'userid' => $userid,
+            'sessdata' => null,
+            'timecreated' => $timestamp,
+            'timemodified' => $timestamp,
+            'firstip' => getremoteaddr(),
+            'lastip' => getremoteaddr(),
+        ];
+        $userhashkey = $this->userkeyprefix . $userid;
+        $this->connection->hSet($userhashkey, $sid, $timestamp);
+        $this->connection->expire($userhashkey, $maxlifetime);
+        $sessionhashkey = $this->sessionkeyprefix . $sid;
+        $this->connection->hmSet($sessionhashkey, $sessiondata);
+        $this->connection->expire($sessionhashkey, $maxlifetime);
-    /**
-     * Handle destroying a session.
+        return (object)$sessiondata;
+    }
+    #[\Override]
+    public function get_sessions_by_userid(int $userid): array {
+        $this->init_redis_if_required();
+        $userhashkey = $this->userkeyprefix . $userid;
+        $sessions = $this->connection->hGetAll($userhashkey);
-     *
+        $records = [];
+        foreach (array_keys($sessions) as $session) {
+            $item = $this->connection->hGetAll($this->sessionkeyprefix . $session);
+            if (!empty($item)) {
+                $records[] = (object) $item;
+            }
+        }
+        return $records;
+    }
+    #[\Override]
+    public function update_session(\stdClass $record): bool {
+        if (!isset($record->sid) && isset($record->id)) {
+            $record->sid = $record->id;
+        }
+        // If record does not have userid set, we need to get it from the session.
+        if (!isset($record->userid)) {
+            $session = $this->get_session_by_sid($record->sid);
+            $record->userid = $session->userid;
+        }
+        $sessionhashkey = $this->sessionkeyprefix . $record->sid;
+        $userhashkey = $this->userkeyprefix . $record->userid;
+        $recordata = (array) $record;
+        unset($recordata['sid']);
+        $this->connection->hmSet($sessionhashkey, $recordata);
+        // Update the expiry time.
+        $maxlifetime = $this->get_maxlifetime($record->userid);
+        $this->connection->expire($sessionhashkey, $maxlifetime);
+        $this->connection->expire($userhashkey, $maxlifetime);
+        return true;
+    }
+    #[\Override]
+    public function get_all_sessions(): \Iterator {
+        $sessions = [];
+        $iterator = null;
+        while (false !== ($keys = $this->connection->scan($iterator, '*' . $this->sessionkeyprefix . '*'))) {
+            foreach ($keys as $key) {
+                $sessions[] = $key;
+            }
+        }
+        return new \ArrayIterator($sessions);
+    }
+    #[\Override]
+    public function destroy_all(): bool {
+        $this->init_redis_if_required();
+        $sessions = $this->get_all_sessions();
-     * @param string $id the session id to destroy.
+        foreach ($sessions as $session) {
+            // Remove the prefixes from the session id, as destroy expects the raw session id.
+            if (str_starts_with($session, $this->prefix . $this->sessionkeyprefix)) {
+                $session = substr($session, strlen($this->prefix . $this->sessionkeyprefix));
+            }
+            $this->destroy($session);
+        }
-     * @return bool true if the session was deleted, false otherwise.
+        return true;
+    }
-     */
+    #[\Override]
+    public function destroy(string $id): bool {
-    public function destroy(string $id): bool {
+        $this->init_redis_if_required();
         $this->lasthash = null;
+        try {
+            $sessionhashkey = $this->sessionkeyprefix . $id;
+            $userid = $this->connection->hget($sessionhashkey, "userid");
-        try {
+            $userhashkey = $this->userkeyprefix . $userid;
+            $this->connection->hDel($userhashkey, $id);
-            $this->connection->del($id);
+            $this->connection->unlink($sessionhashkey);
             $this->unlock_session($id);
         } catch (RedisException | RedisClusterException $e) {
             error_log('Failed talking to redis: '.$e->getMessage());
             return false;
+        }
+        return true;
+    }
+    // phpcs:disable moodle.NamingConventions.ValidVariableName.VariableNameUnderscore
+    #[\Override]
+    public function gc(int $max_lifetime = 0): int|false {
+        return 0;
         return true;
-    }
+    // phpcs:enable
     /**
-     * Garbage collect sessions.  We don't we any as Redis does it for us.
+     * Get session maximum lifetime in seconds.
+     *
+     * @param int|null $userid The user id to calculate the max lifetime for.
      * @param bool $firstbrowseraccess This indicates that this is calculating the expiry when the key is first added.
-     * @param integer $max_lifetime All sessions older than this should be removed.
+     *                                 The first access made by the browser has a shorter timeout to reduce abandoned sessions.
+     * @return float|int
+     */
+    private function get_maxlifetime(?int $userid = null, bool $firstbrowseraccess = false): float|int {
+        global $CFG;
+        // Guest user.
+        if ($userid == $CFG->siteguest) {
+            return $CFG->sessiontimeout * 5;
-     * @return bool true, as Redis handles expiry for us.
+        }
+        // All other users.
+        if ($userid == 0 && $firstbrowseraccess) {
+            $maxlifetime = $this->firstaccesstimeout;
+        } else {
+            // As per MDL-56823 - The following configures the session lifetime in redis to allow some
+            // wriggle room in the user noticing they've been booted off and
+            // letting them log back in before they lose their session entirely.
+            $updatefreq = empty($CFG->session_update_timemodified_frequency) ? 20 : $CFG->session_update_timemodified_frequency;
-     */
+            $maxlifetime = (int) $CFG->sessiontimeout + $updatefreq + MINSECS;
+        }
+        return $maxlifetime;
+    }
+    /**
+     * Connection will be null if these methods are called from cli or where NO_MOODLE_COOKIES is used.
+     * We need to check for this and initialize the connection if required.
+     *
+     * @return void
+     */
+    private function init_redis_if_required(): void {
-    // phpcs:ignore moodle.NamingConventions.ValidVariableName.VariableNameUnderscore
+        if (is_null($this->connection)) {
-    public function gc(int $max_lifetime): int|false {
+            $this->init();
         return false;
+    }
     /**
      * Unlock a session.
+     *
      * @param string $id Session id to be unlocked.
      */
     protected function unlock_session($id) {
         if (isset($this->locks[$id])) {
-            $this->connection->del($id.".lock");
+            $this->connection->unlink("{$id}.lock");
      * @param string $id The session id to lock.
      * @return bool true when session was locked, exception otherwise.
      * @throws exception When we are unable to obtain a session lock.
      */
     protected function lock_session($id) {
-        $lockkey = $id.".lock";
+        $lockkey = "{$id}.lock";
+        $haslock = isset($this->locks[$id]) && $this->clock->time() < $this->locks[$id];
+        if ($haslock) {
+            return true;
+        }
-        $haslock = isset($this->locks[$id]) && $this->time() < $this->locks[$id];
-        $startlocktime = $this->time();
+        $startlocktime = $this->clock->time();
-        /* To be able to ensure sessions don't write out of order we must obtain an exclusive lock
+        // To be able to ensure sessions don't write out of order we must obtain an exclusive lock
-         * on the session for the entire time it is open.  If another AJAX call, or page is using
-         * the session then we just wait until it finishes before we can open the session.
+        // on the session for the entire time it is open.  If another AJAX call, or page is using
-         */
+        // the session then we just wait until it finishes before we can open the session.
         // Store the current host, process id and the request URI so it's easy to track who has the lock.
         $hostname = gethostname();
+        if ($hostname === false) {
-        if ($hostname === false) {
+            $hostname = 'UNKNOWN HOST';
             $hostname = 'UNKNOWN HOST';
         $pid = getmypid();
+        if ($pid === false) {
-        if ($pid === false) {
+            $pid = 'UNKNOWN';
             $pid = 'UNKNOWN';
         $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : 'unknown uri';
-        $whoami = "[pid {$pid}] {$hostname}:$uri";
         $whoami = "[pid {$pid}] {$hostname}:$uri";
-        $haswarned = false; // Have we logged a lock warning?
-        while (!$haslock) {
+        $haswarned = false; // Have we logged a lock warning?
-            $haslock = $this->connection->setnx($lockkey, $whoami);
+        while (!$haslock) {
             $haslock = $this->connection->set($lockkey, $whoami, ['nx', 'ex' => $this->lockexpire]);
             if ($haslock) {
-                $this->locks[$id] = $this->time() + $this->lockexpire;
+            if ($haslock) {
+                $this->locks[$id] = $this->clock->time() + $this->lockexpire;
-                $this->connection->expire($lockkey, $this->lockexpire);
+                return true;
-                return true;
+            }
             if (!empty($this->acquirewarn) && !$haswarned && $this->clock->time() > $startlocktime + $this->acquirewarn) {
                 // This is a warning to better inform users.
-            if (!empty($this->acquirewarn) && !$haswarned && $this->time() > $startlocktime + $this->acquirewarn) {
+                $whohaslock = $this->connection->get($lockkey);
-                // This is a warning to better inform users.
+                // phpcs:ignore
-                $whohaslock = $this->connection->get($lockkey);
+                error_log(
-                // phpcs:ignore
+                    "Warning: Cannot obtain session lock for sid: $id within $this->acquirewarn seconds but will keep trying. " .
-                error_log("Warning: Cannot obtain session lock for sid: $id within $this->acquirewarn seconds but will keep trying. " .
+                        "It is likely another page ($whohaslock) has a long session lock, or the session lock was never released.",
-                    "It is likely another page ($whohaslock) has a long session lock, or the session lock was never released.");
+                );
+                $haswarned = true;
-                $haswarned = true;
+            }
-            }
+            if ($this->clock->time() > $startlocktime + $this->acquiretimeout) {
                 // This is a fatal error, better inform users.
-            if ($this->time() > $startlocktime + $this->acquiretimeout) {
+                // It should not happen very often - all pages that need long time to execute
-                // This is a fatal error, better inform users.
+                // should close session immediately after access control checks.
-                // It should not happen very often - all pages that need long time to execute
+                $whohaslock = $this->connection->get($lockkey);
-                // should close session immediately after access control checks.
+                // phpcs:ignore
-                $whohaslock = $this->connection->get($lockkey);
+                error_log(
-                // phpcs:ignore
+                    "Error: Cannot obtain session lock for sid: $id within $this->acquiretimeout seconds. " .
+                        "It is likely another page ($whohaslock) has a long session lock, or the session lock was never released.",
-                error_log("Error: Cannot obtain session lock for sid: $id within $this->acquiretimeout seconds. " .
+                );
-                    "It is likely another page ($whohaslock) has a long session lock, or the session lock was never released.");
+                $acquiretimeout = format_time($this->acquiretimeout);
-                $acquiretimeout = format_time($this->acquiretimeout);
+                $lockexpire = format_time($this->lockexpire);
-                $lockexpire = format_time($this->lockexpire);
+                $a = (object)[
-                $a = (object)[
+                    'id' => substr($id, 0, 10),
-                    'id' => substr($id, 0, 10),
+                    'acquiretimeout' => $acquiretimeout,
-                    'acquiretimeout' => $acquiretimeout,
+                    'whohaslock' => $whohaslock,
-                    'whohaslock' => $whohaslock,
+                    'lockexpire' => $lockexpire,
                 $delay = rand(1000, 1100);
+            }
             usleep($delay * 1000);
+        }
         throw new coding_exception('Unable to lock session');
-    }
-    /**
-     * Return the current time.
-     *
-     * @return int the current time as a unixtimestamp.
-     */
+    }
-    protected function time() {
-        return time();
-    }
-    /**
-     * Check the backend contains data for this session id.
-     *
-     * Note: this is intended to be called from manager::session_exists() only.
-     *
-     * @param string $sid
      * @return bool true if session found.
-     */
+    #[\Override]
     public function session_exists($sid) {
         if (!$this->connection) {
             return false;
+        }
-        }
         try {
-        try {
+            $sessionhashkey = $this->sessionkeyprefix . $sid;
-            return !empty($this->connection->exists($sid));
+            return !empty($this->connection->exists($sessionhashkey));
         } catch (RedisException | RedisClusterException $e) {
-            return false;
-        }
-    }
-    /**
-     * Kill all active sessions, the core sessions table is purged afterwards.
-     */
-    public function kill_all_sessions() {
-        global $DB;
-        if (!$this->connection) {
-            return;
-        }
-        $rs = $DB->get_recordset('sessions', array(), 'id DESC', 'id, sid');
-        foreach ($rs as $record) {
-            $this->destroy($record->sid);
-        }
-        $rs->close();
-    }
-    /**
-     * Kill one session, the session record is removed afterwards.
-     *
-     * @param string $sid
-     */
-    public function kill_session($sid) {
-        if (!$this->connection) {
-            return;
-        }
             return false;

Proyectos de Subversion Moodle

(root)/lib/classes/session/redis.php – Rev 1 → 1441