1 # BEGIN BPS TAGGED BLOCK {{{
5 # This software is Copyright (c) 1996-2016 Best Practical Solutions, LLC
6 # <sales@bestpractical.com>
8 # (Except where explicitly superseded by other copyright notices)
13 # This work is made available to you under the terms of Version 2 of
14 # the GNU General Public License. A copy of that license should have
15 # been provided with this software, but in any event can be snarfed
18 # This work is distributed in the hope that it will be useful, but
19 # WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 # General Public License for more details.
23 # You should have received a copy of the GNU General Public License
24 # along with this program; if not, write to the Free Software
25 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26 # 02110-1301 or visit their web page on the internet at
27 # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
30 # CONTRIBUTION SUBMISSION POLICY:
32 # (The following paragraph is not intended to limit the rights granted
33 # to you to modify and distribute this software under the terms of
34 # the GNU General Public License and is only of importance to you if
35 # you choose to contribute your changes and enhancements to the
36 # community by submitting them to Best Practical Solutions, LLC.)
38 # By intentionally submitting any modifications, corrections or
39 # derivatives to this work, or any other work intended for use with
40 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
41 # you are the copyright holder for those contributions and you grant
42 # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
43 # royalty-free, perpetual, license to use, copy, create derivative
44 # works based on those contributions, and sublicense and distribute
45 # those contributions and any derivatives thereof.
47 # END BPS TAGGED BLOCK }}}
49 package RT::Interface::Web::Session;
57 RT::Interface::Web::Session - RT web session class
64 RT session class and utilities.
66 CLASS METHODS can be used without creating object instances,
67 it's mainly utilities to clean unused session records.
69 Object is tied hash and can be used to access session data.
77 Returns name of the class that is used as sessions storage.
84 my $class = RT->Config->Get('WebSessionClass')
85 || $self->Backends->{RT->Config->Get('DatabaseType')}
86 || 'Apache::Session::File';
87 $class->require or die "Can't load $class: $@";
93 Returns hash reference with names of the databases as keys and
94 sessions class names as values.
100 mysql => 'Apache::Session::MySQL',
101 Pg => 'Apache::Session::Postgres',
102 Oracle => 'Apache::Session::Oracle',
108 Returns hash reference with attributes that are used to create
114 my $class = $_[0]->Class;
116 if ( my %props = RT->Config->Get('WebSessionProperties') ) {
119 elsif ( $class->isa('Apache::Session::File') ) {
121 Directory => $RT::MasonSessionDir,
122 LockDirectory => $RT::MasonSessionDir,
128 Handle => $RT::Handle->dbh,
129 LockHandle => $RT::Handle->dbh,
133 $res->{LongReadLen} = RT->Config->Get('MaxAttachmentSize')
134 if $class->isa('Apache::Session::Oracle');
140 Returns array ref with list of the session IDs.
145 my $self = shift || __PACKAGE__;
146 my $attributes = $self->Attributes;
147 if( $attributes->{Directory} ) {
148 return $self->_IdsDir( $attributes->{Directory} );
150 return $self->_IdsDB( $RT::Handle->dbh );
155 my ($self, $dir) = @_;
159 sub { return unless /^[a-zA-Z0-9]+$/;
160 $file{$_} = (stat($_))[9];
165 return [ sort { $file{$a} <=> $file{$b} } keys %file ];
169 my ($self, $dbh) = @_;
170 my $ids = $dbh->selectcol_arrayref("SELECT id FROM sessions ORDER BY LastUpdated DESC");
171 die "couldn't get ids: ". $dbh->errstr if $dbh->errstr;
177 Takes seconds and deletes all sessions that are older.
182 my $class = shift || __PACKAGE__;
183 my $attributes = $class->Attributes;
184 if( $attributes->{Directory} ) {
185 return $class->_ClearOldDir( $attributes->{Directory}, @_ );
187 return $class->_ClearOldDB( $RT::Handle->dbh, @_ );
192 my ($self, $dbh, $older_than) = @_;
194 unless( int $older_than ) {
195 $rows = $dbh->do("DELETE FROM sessions");
196 die "couldn't delete sessions: ". $dbh->errstr unless defined $rows;
199 my $date = POSIX::strftime("%Y-%m-%d %H:%M", localtime( time - int $older_than ) );
201 my $sth = $dbh->prepare("DELETE FROM sessions WHERE LastUpdated < ?");
202 die "couldn't prepare query: ". $dbh->errstr unless $sth;
203 $rows = $sth->execute( $date );
204 die "couldn't execute query: ". $dbh->errstr unless defined $rows;
207 $RT::Logger->info("successfully deleted $rows sessions");
212 my ($self, $dir, $older_than) = @_;
214 require File::Spec if int $older_than;
217 my $class = $self->Class;
218 my $attrs = $self->Attributes;
220 foreach my $id( @{ $self->Ids } ) {
221 if( int $older_than ) {
222 my $mtime = (stat(File::Spec->catfile($dir,$id)))[9];
223 if( $mtime > $now - $older_than ) {
224 $RT::Logger->debug("skipped session '$id', isn't old");
231 eval { tie %session, $class, $id, $attrs };
233 $RT::Logger->debug("skipped session '$id', couldn't load: $@");
236 tied(%session)->delete;
237 $RT::Logger->info("successfully deleted session '$id'");
240 # Apache::Session::Lock::File will clean out locks older than X, but it
241 # leaves around bogus locks if they're too new, even though they're
242 # guaranteed dead. On even just largeish installs, the accumulated number
243 # of them may bump into ext3/4 filesystem limits since Apache::Session
244 # doesn't use a fan-out tree.
245 my $lock = Apache::Session::Lock::File->new;
246 $lock->clean( $dir, $older_than );
248 # Take matters into our own hands and clear bogus locks hanging around
249 # regardless of how recent they are.
250 $self->ClearOrphanLockFiles($dir);
255 =head3 ClearOrphanLockFiles
257 Takes a directory in which to look for L<Apache::Session::Lock::File> locks
258 which no longer have a corresponding session file. If not provided, the
259 directory is taken from the session configuration data.
263 sub ClearOrphanLockFiles {
265 my $dir = shift || $class->Attributes->{Directory}
268 if (opendir my $dh, $dir) {
270 next unless /^Apache-Session-([0-9a-f]{32})\.lock$/;
271 next if -e "$dir/$1";
273 RT->Logger->debug("deleting orphaned session lockfile '$_'");
276 or warn "Failed to unlink session lockfile $dir/$_: $!";
280 warn "Unable to open directory '$dir' for reading: $!";
286 Checks all sessions and if user has more then one session
287 then leave only the latest one.
292 my $self = shift || __PACKAGE__;
293 my $class = $self->Class;
294 my $attrs = $self->Attributes;
298 foreach my $id( @{ $self->Ids } ) {
301 eval { tie %session, $class, $id, $attrs };
303 $RT::Logger->debug("skipped session '$id', couldn't load: $@");
306 if( $session{'CurrentUser'} && $session{'CurrentUser'}->id ) {
307 unless( $seen{ $session{'CurrentUser'}->id }++ ) {
308 $RT::Logger->debug("skipped session '$id', first user's session");
312 tied(%session)->delete;
313 $RT::Logger->info("successfully deleted session '$id'");
316 $self->ClearOrphanLockFiles if $deleted;
323 my $class = $self->Class;
324 my $attrs = $self->Attributes;
329 eval { tie %session, $class, $id, $attrs };
330 eval { tie %session, $class, undef, $attrs } if $@;
332 die "RT couldn't store your session. "
333 . "This may mean that that the directory '$RT::MasonSessionDir' isn't writable or a database table is missing or corrupt.\n\n"
337 return tied %session;