1 # BEGIN BPS TAGGED BLOCK {{{
5 # This software is Copyright (c) 1996-2014 Best Practical Solutions, LLC
6 # <sales@bestpractical.com>
8 # (Except where explicitly superseded by other copyright notices)
13 # This work is made available to you under the terms of Version 2 of
14 # the GNU General Public License. A copy of that license should have
15 # been provided with this software, but in any event can be snarfed
18 # This work is distributed in the hope that it will be useful, but
19 # WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 # General Public License for more details.
23 # You should have received a copy of the GNU General Public License
24 # along with this program; if not, write to the Free Software
25 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26 # 02110-1301 or visit their web page on the internet at
27 # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
30 # CONTRIBUTION SUBMISSION POLICY:
32 # (The following paragraph is not intended to limit the rights granted
33 # to you to modify and distribute this software under the terms of
34 # the GNU General Public License and is only of importance to you if
35 # you choose to contribute your changes and enhancements to the
36 # community by submitting them to Best Practical Solutions, LLC.)
38 # By intentionally submitting any modifications, corrections or
39 # derivatives to this work, or any other work intended for use with
40 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
41 # you are the copyright holder for those contributions and you grant
42 # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
43 # royalty-free, perpetual, license to use, copy, create derivative
44 # works based on those contributions, and sublicense and distribute
45 # those contributions and any derivatives thereof.
47 # END BPS TAGGED BLOCK }}}
49 package RT::Interface::Web::Session;
57 RT::Interface::Web::Session - RT web session class
64 RT session class and utilities.
66 CLASS METHODS can be used without creating object instances,
67 it's mainly utilities to clean unused session records.
69 Object is tied hash and can be used to access session data.
77 Returns name of the class that is used as sessions storage.
84 my $class = RT->Config->Get('WebSessionClass')
85 || $self->Backends->{RT->Config->Get('DatabaseType')}
86 || 'Apache::Session::File';
87 eval "require $class";
94 Returns hash reference with names of the databases as keys and
95 sessions class names as values.
101 mysql => 'Apache::Session::MySQL',
102 Pg => 'Apache::Session::Postgres',
108 Returns hash reference with attributes that are used to create
114 my $class = $_[0]->Class;
115 return !$class->isa('Apache::Session::File') ? {
116 Handle => $RT::Handle->dbh,
117 LockHandle => $RT::Handle->dbh,
120 Directory => $RT::MasonSessionDir,
121 LockDirectory => $RT::MasonSessionDir,
128 Returns array ref with list of the session IDs.
133 my $self = shift || __PACKAGE__;
134 my $attributes = $self->Attributes;
135 if( $attributes->{Directory} ) {
136 return $self->_IdsDir( $attributes->{Directory} );
138 return $self->_IdsDB( $RT::Handle->dbh );
143 my ($self, $dir) = @_;
147 sub { return unless /^[a-zA-Z0-9]+$/;
148 $file{$_} = (stat($_))[9];
153 return [ sort { $file{$a} <=> $file{$b} } keys %file ];
157 my ($self, $dbh) = @_;
158 my $ids = $dbh->selectcol_arrayref("SELECT id FROM sessions ORDER BY LastUpdated DESC");
159 die "couldn't get ids: ". $dbh->errstr if $dbh->errstr;
165 Takes seconds and deletes all sessions that are older.
170 my $class = shift || __PACKAGE__;
171 my $attributes = $class->Attributes;
172 if( $attributes->{Directory} ) {
173 return $class->_ClearOldDir( $attributes->{Directory}, @_ );
175 return $class->_ClearOldDB( $RT::Handle->dbh, @_ );
180 my ($self, $dbh, $older_than) = @_;
182 unless( int $older_than ) {
183 $rows = $dbh->do("DELETE FROM sessions");
184 die "couldn't delete sessions: ". $dbh->errstr unless defined $rows;
187 my $date = POSIX::strftime("%Y-%m-%d %H:%M", localtime( time - int $older_than ) );
189 my $sth = $dbh->prepare("DELETE FROM sessions WHERE LastUpdated < ?");
190 die "couldn't prepare query: ". $dbh->errstr unless $sth;
191 $rows = $sth->execute( $date );
192 die "couldn't execute query: ". $dbh->errstr unless defined $rows;
195 $RT::Logger->info("successfully deleted $rows sessions");
200 my ($self, $dir, $older_than) = @_;
202 require File::Spec if int $older_than;
205 my $class = $self->Class;
206 my $attrs = $self->Attributes;
208 foreach my $id( @{ $self->Ids } ) {
209 if( int $older_than ) {
210 my $mtime = (stat(File::Spec->catfile($dir,$id)))[9];
211 if( $mtime > $now - $older_than ) {
212 $RT::Logger->debug("skipped session '$id', isn't old");
219 eval { tie %session, $class, $id, $attrs };
221 $RT::Logger->debug("skipped session '$id', couldn't load: $@");
224 tied(%session)->delete;
225 $RT::Logger->info("successfully deleted session '$id'");
228 # Apache::Session::Lock::File will clean out locks older than X, but it
229 # leaves around bogus locks if they're too new, even though they're
230 # guaranteed dead. On even just largeish installs, the accumulated number
231 # of them may bump into ext3/4 filesystem limits since Apache::Session
232 # doesn't use a fan-out tree.
233 my $lock = Apache::Session::Lock::File->new;
234 $lock->clean( $dir, $older_than );
236 # Take matters into our own hands and clear bogus locks hanging around
237 # regardless of how recent they are.
238 $self->ClearOrphanLockFiles($dir);
243 =head3 ClearOrphanLockFiles
245 Takes a directory in which to look for L<Apache::Session::Lock::File> locks
246 which no longer have a corresponding session file. If not provided, the
247 directory is taken from the session configuration data.
251 sub ClearOrphanLockFiles {
253 my $dir = shift || $class->Attributes->{Directory}
256 if (opendir my $dh, $dir) {
258 next unless /^Apache-Session-([0-9a-f]{32})\.lock$/;
259 next if -e "$dir/$1";
261 RT->Logger->debug("deleting orphaned session lockfile '$_'");
264 or warn "Failed to unlink session lockfile $dir/$_: $!";
268 warn "Unable to open directory '$dir' for reading: $!";
274 Checks all sessions and if user has more then one session
275 then leave only the latest one.
280 my $self = shift || __PACKAGE__;
281 my $class = $self->Class;
282 my $attrs = $self->Attributes;
286 foreach my $id( @{ $self->Ids } ) {
289 eval { tie %session, $class, $id, $attrs };
291 $RT::Logger->debug("skipped session '$id', couldn't load: $@");
294 if( $session{'CurrentUser'} && $session{'CurrentUser'}->id ) {
295 unless( $seen{ $session{'CurrentUser'}->id }++ ) {
296 $RT::Logger->debug("skipped session '$id', first user's session");
300 tied(%session)->delete;
301 $RT::Logger->info("successfully deleted session '$id'");
304 $self->ClearOrphanLockFiles if $deleted;
311 my $class = $self->Class;
312 my $attrs = $self->Attributes;
317 eval { tie %session, $class, $id, $attrs };
318 eval { tie %session, $class, undef, $attrs } if $@;
320 die "RT couldn't store your session. "
321 . "This may mean that that the directory '$RT::MasonSessionDir' isn't writable or a database table is missing or corrupt.\n\n"
325 return tied %session;