1.20.x session.inc backdrop_session_initialize()

Initializes the session handler, starting a session if needed.

File

includes/session.inc, line 237
User session handling functions.

Code

function backdrop_session_initialize() {
  global $user, $is_https;

  // Calling session_set_save_handler() multiple times will cause errors on
  // PHP 7.2+. But checking a session status is only available 5.4+, so if the
  // status cannot be checked, or the status indicates that there is no session,
  // set session handlers.
  if (!function_exists('session_status') || session_status() === PHP_SESSION_NONE) {
    session_set_save_handler('_backdrop_session_open', '_backdrop_session_close', '_backdrop_session_read', '_backdrop_session_write', '_backdrop_session_destroy', '_backdrop_session_garbage_collection');
  }

  // We use !empty() in the following check to ensure that blank session IDs
  // are not valid.
  if (!empty($_COOKIE[session_name()]) || ($is_https && settings_get('https', FALSE) && !empty($_COOKIE[substr(session_name(), 1)]))) {
    // If a session cookie exists, initialize the session. Otherwise the
    // session is only started on demand in backdrop_session_commit(), making
    // anonymous users not use a session cookie unless something is stored in
    // $_SESSION. This allows HTTP proxies to cache anonymous pageviews.
    backdrop_session_start();
    if (!empty($user->uid) || !empty($_SESSION)) {
      backdrop_page_is_cacheable(FALSE);
    }
  }
  else {
    // Set a session identifier for this request. This is necessary because
    // we lazily start sessions at the end of this request, and some
    // processes (like backdrop_get_token()) needs to know the future
    // session ID in advance.
    $GLOBALS['lazy_session'] = TRUE;
    $user = backdrop_anonymous_user();
    // Less random sessions (which are much faster to generate) are used for
    // anonymous users than are generated in backdrop_session_regenerate() when
    // a user becomes authenticated.
    session_id(backdrop_random_key());
    if ($is_https && settings_get('https', FALSE)) {
      $insecure_session_name = substr(session_name(), 1);
      $session_id = backdrop_random_key();
      $_COOKIE[$insecure_session_name] = $session_id;
    }
  }
  date_default_timezone_set(backdrop_get_user_timezone());
}