| 1 session.inc | backdrop_session_initialize() |
Initializes the session handler, starting a session if needed.
File
- core/
includes/ session.inc, line 242 - User session handling functions.
Code
function backdrop_session_initialize() {
global $user, $is_https;
// Calling session_set_save_handler() multiple times will cause errors on
// PHP 7.2+.
if (session_status() === PHP_SESSION_NONE) {
session_set_save_handler('_backdrop_session_open', '_backdrop_session_close', '_backdrop_session_read', '_backdrop_session_write', '_backdrop_session_destroy', '_backdrop_session_garbage_collection');
}
// We use !empty() in the following check to ensure that blank session IDs
// are not valid.
if (!empty($_COOKIE[session_name()]) || ($is_https && settings_get('https', FALSE) && !empty($_COOKIE[substr(session_name(), 1)]))) {
// If a session cookie exists, initialize the session. Otherwise the
// session is only started on demand in backdrop_session_commit(), making
// anonymous users not use a session cookie unless something is stored in
// $_SESSION. This allows HTTP proxies to cache anonymous page views.
backdrop_session_start();
if (!empty($user->uid) || !empty($_SESSION)) {
backdrop_page_is_cacheable(FALSE);
}
}
else {
// Set a session identifier for this request. This is necessary because
// we lazily start sessions at the end of this request, and some
// processes (like backdrop_get_token()) needs to know the future
// session ID in advance.
$GLOBALS['lazy_session'] = TRUE;
$user = backdrop_anonymous_user();
// Less random sessions (which are much faster to generate) are used for
// anonymous users than are generated in backdrop_session_regenerate() when
// a user becomes authenticated.
session_id(backdrop_random_key());
if ($is_https && settings_get('https', FALSE)) {
$insecure_session_name = substr(session_name(), 1);
$session_id = backdrop_random_key();
$_COOKIE[$insecure_session_name] = $session_id;
}
}
date_default_timezone_set(backdrop_get_user_timezone());
}