Merge #1615 선택적 세션 시작 (Proof of Concept) by kijin

* pr/1615: Force start session if SSO is used Improve and simplify session status detection Improve handling of session variables related to validator Start session automatically if an addon uses the session and exits If cache-friendly behavior is enabled, don't skip updateReadedCount() If cache-friendly behavior is enabled, don't update session when reading document or comment Add option to enable/disable cache-friendly behavior Improve the setCacheControl() method Context::setCacheControl() method added etc. do not always set mobile/user-agent cookies 선택적 세션 시작 + 서드파티 자료 호환성 (Proof of Concept)
2026-05-22 05:15:29 +09:00 · 2015-10-08 15:03:17 +09:00 · 2015-10-08 15:03:17 +09:00 · 9364563f4a
commit 9364563f4a
parent c30341c3c1 6470da0d5d
13 changed files with 160 additions and 38 deletions
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@ -333,8 +333,29 @@ class Context
 			);
 		}

-		if($sess = $_POST[session_name()]) session_id($sess);
-		session_start();
+		// start session if it was previously started
+		$session_name = session_name();
+		$session_id = NULL;
+		if($session_id = $_POST[$session_name])
+		{
+			session_id($session_id);
+		}
+		else
+		{
+			$session_id = $_COOKIE[$session_name];
+		}
+
+		if($session_id !== NULL || $this->db_info->cache_friendly != 'Y')
+		{
+			$this->setCacheControl(0, false);
+			session_start();
+		}
+		else
+		{
+			$this->setCacheControl(-1, true);
+			register_shutdown_function(array($this, 'checkSessionStatus'));
+			$_SESSION = array();
+		}

 		// set authentication information in Context and session
 		if(self::isInstalled())
@ -420,6 +441,38 @@ class Context
 		}
 	}

+	/**
+	 * Get the session status
+	 * 
+	 * @return bool
+	 */
+	function getSessionStatus()
+	{
+		return (session_id() !== '');
+	}
+
+	/**
+	 * Start the session if $_SESSION was touched
+	 * 
+	 * @return void
+	 */
+	function checkSessionStatus($force_start = false)
+	{
+		is_a($this, 'Context') ? $self = $this : $self = self::getInstance();
+		
+		if($self->getSessionStatus())
+		{
+			return;
+		}
+		if($force_start || (count($_SESSION) && !headers_sent()))
+		{
+			$tempSession = $_SESSION;
+			unset($_SESSION);
+			session_start();
+			$_SESSION = $tempSession;
+		}
+	}
+
 	/**
 	 * Finalize using resources, such as DB connection
 	 *
@ -430,6 +483,30 @@ class Context
 		session_write_close();
 	}

+	/**
+	 * set Cache-Control header
+	 *
+	 * @return void
+	 */
+	function setCacheControl($ttl = 0, $public = true)
+	{
+		if($ttl == 0)
+		{
+			header('Cache-Control: ' . ($public ? 'public, ' : 'private, ') . 'must-revalidate, post-check=0, pre-check=0, no-store, no-cache');
+			header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
+			header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
+		}
+		elseif($ttl == -1)
+		{
+			header('Cache-Control: ' . ($public ? 'public, ' : 'private, ') . 'must-revalidate, post-check=0, pre-check=0');
+		}
+		else
+		{
+			header('Cache-Control: ' . ($public ? 'public, ' : 'private, ') . 'must-revalidate, max-age=' . (int)$ttl);
+			header('Expires: ' . gmdate('D, d M Y H:i:s', time() + (int)$ttl) . ' GMT');
+		}
+	}
+
 	/**
 	 * Load the database information
 	 *
@ -664,6 +741,7 @@ class Context
 		{
 			if(self::get('default_url'))
 			{
+				$this->checkSessionStatus(true);
 				$url = base64_decode(self::get('default_url'));
 				$url_info = parse_url($url);

@ -953,7 +1031,10 @@ class Context
 		$self->lang_type = $lang_type;
 		$self->set('lang_type', $lang_type);

-		$_SESSION['lang_type'] = $lang_type;
+		if($self->getSessionStatus())
+		{
+			$_SESSION['lang_type'] = $lang_type;
+		}
 	}

 	/**
--- a/classes/display/DisplayHandler.class.php
+++ b/classes/display/DisplayHandler.class.php
@ -78,6 +78,9 @@ class DisplayHandler extends Handler
 			$handler->prepareToPrint($output);
 		}

+		// Start the session if $_SESSION was touched
+		Context::getInstance()->checkSessionStatus();
+
 		// header output

 		$httpStatusCode = $oModule->getHttpStatusCode();
@ -321,11 +324,6 @@ class DisplayHandler extends Handler
 	function _printXMLHeader()
 	{
 		header("Content-Type: text/xml; charset=UTF-8");
-		header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
-		header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
-		header("Cache-Control: no-store, no-cache, must-revalidate");
-		header("Cache-Control: post-check=0, pre-check=0", false);
-		header("Pragma: no-cache");
 	}

 	/**
@ -335,11 +333,6 @@ class DisplayHandler extends Handler
 	function _printHTMLHeader()
 	{
 		header("Content-Type: text/html; charset=UTF-8");
-		header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
-		header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
-		header("Cache-Control: no-store, no-cache, must-revalidate");
-		header("Cache-Control: post-check=0, pre-check=0", false);
-		header("Pragma: no-cache");
 	}

 	/**
@ -349,11 +342,6 @@ class DisplayHandler extends Handler
 	function _printJSONHeader()
 	{
 		header("Content-Type: text/html; charset=UTF-8");
-		header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
-		header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
-		header("Cache-Control: no-store, no-cache, must-revalidate");
-		header("Cache-Control: post-check=0, pre-check=0", false);
-		header("Pragma: no-cache");
 	}

 	/**
--- a/classes/mobile/Mobile.class.php
+++ b/classes/mobile/Mobile.class.php
@ -123,13 +123,13 @@ class Mobile
 					setcookie("mobile", 'true', 0, $xe_web_path);
 				}
 			}
-			elseif($_COOKIE['mobile'] != 'false')
+			elseif(isset($_COOKIE['mobile']) && $_COOKIE['mobile'] != 'false')
 			{
 				$_COOKIE['mobile'] = 'false';
 				setcookie("mobile", 'false', 0, $xe_web_path);
 			}

-			if($_COOKIE['user-agent'] != md5($_SERVER['HTTP_USER_AGENT']))
+			if(isset($_COOKIE['mobile']) && $_COOKIE['user-agent'] != md5($_SERVER['HTTP_USER_AGENT']))
 			{
 				setcookie("user-agent", md5($_SERVER['HTTP_USER_AGENT']), 0, $xe_web_path);
 			}
--- a/classes/module/ModuleHandler.class.php
+++ b/classes/module/ModuleHandler.class.php
@ -729,15 +729,23 @@ class ModuleHandler extends Handler

 			}

-			$_SESSION['XE_VALIDATOR_ERROR'] = $error;
-			$_SESSION['XE_VALIDATOR_ID'] = Context::get('xe_validator_id');
+			if($error != 0)
+			{
+				$_SESSION['XE_VALIDATOR_ERROR'] = $error;
+			}
+			if($validator_id = Context::get('xe_validator_id'))
+			{
+				$_SESSION['XE_VALIDATOR_ID'] = $validator_id;
+			}
 			if($message != 'success')
 			{
 				$_SESSION['XE_VALIDATOR_MESSAGE'] = $message;
 			}
-			$_SESSION['XE_VALIDATOR_MESSAGE_TYPE'] = $messageType;
-
-			if(Context::get('xeVirtualRequestMethod') != 'xml')
+			if($messageType != 'info')
+			{
+				$_SESSION['XE_VALIDATOR_MESSAGE_TYPE'] = $messageType;
+			}
+			if(Context::get('xeVirtualRequestMethod') != 'xml' && $redirectUrl)
 			{
 				$_SESSION['XE_VALIDATOR_RETURN_URL'] = $redirectUrl;
 			}
@ -787,12 +795,12 @@ class ModuleHandler extends Handler
 	 * */
 	function _clearErrorSession()
 	{
-		$_SESSION['XE_VALIDATOR_ERROR'] = '';
-		$_SESSION['XE_VALIDATOR_MESSAGE'] = '';
-		$_SESSION['XE_VALIDATOR_MESSAGE_TYPE'] = '';
-		$_SESSION['XE_VALIDATOR_RETURN_URL'] = '';
-		$_SESSION['XE_VALIDATOR_ID'] = '';
-		$_SESSION['INPUT_ERROR'] = '';
+		unset($_SESSION['XE_VALIDATOR_ERROR']);
+		unset($_SESSION['XE_VALIDATOR_MESSAGE']);
+		unset($_SESSION['XE_VALIDATOR_MESSAGE_TYPE']);
+		unset($_SESSION['XE_VALIDATOR_RETURN_URL']);
+		unset($_SESSION['XE_VALIDATOR_ID']);
+		unset($_SESSION['INPUT_ERROR']);
 	}

 	/**
@ -846,6 +854,7 @@ class ModuleHandler extends Handler
 				$display_handler = new DisplayHandler();
 				$display_handler->_debugOutput();

+				Context::getInstance()->checkSessionStatus();
 				header('location:' . $_SESSION['XE_VALIDATOR_RETURN_URL']);
 				return;
 			}