21142411953

Committed 19 Jan 2026 03:08PM UTC coverage: 85.524% (-0.003%) from 85.527%

Build # 21142411953

Build Type

push

github

Committed by

web-flow

Commit Message

feat: add ``persistent`` config item to Session's Redis handler (#9793)

* feat: added persistent config item to redis handler Session

* tests: persistent connection session redis

fix: test persistent parameter false

* refactor: using filter_var

* refactor: name test

* Update system/Session/Handlers/RedisHandler.php

Co-authored-by: John Paul E. Balandan, CPA <paulbalandan@gmail.com>

* Fix filter_var on persistent

* Fix phpstan error

---------

Co-authored-by: John Paul E. Balandan, CPA <paulbalandan@gmail.com>

Run Details

14 of 15 new or added lines in 1 file covered. (93.33%)

1 existing line in 1 file now uncovered.

21978 of 25698 relevant lines covered (85.52%)

206.04 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

67.14

/system/Session/Handlers/RedisHandler.php

<?php

declare(strict_types=1);

/**
 * This file is part of CodeIgniter 4 framework.
 *
 * (c) CodeIgniter Foundation <admin@codeigniter.com>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace CodeIgniter\Session\Handlers;

use CodeIgniter\I18n\Time;
use CodeIgniter\Session\Exceptions\SessionException;
use Config\Session as SessionConfig;
use Redis;
use RedisException;
use ReturnTypeWillChange;

/**
 * Session handler using Redis for persistence.
 */
class RedisHandler extends BaseHandler
{
    private const DEFAULT_PORT     = 6379;
    private const DEFAULT_PROTOCOL = 'tcp';

    /**
     * phpRedis instance.
     *
     * @var Redis|null
     */
    protected $redis;

    /**
     * Key prefix.
     *
     * @var string
     */
    protected $keyPrefix = 'ci_session:';

    /**
     * Lock key.
     *
     * @var string|null
     */
    protected $lockKey;

    /**
     * Key exists flag.
     *
     * @var bool
     */
    protected $keyExists = false;

    /**
     * Number of seconds until the session ends.
     *
     * @var int
     */
    protected $sessionExpiration = 7200;

    /**
     * Time (microseconds) to wait if lock cannot be acquired.
     */
    private int $lockRetryInterval = 100_000;

    /**
     * Maximum number of lock acquisition attempts.
     */
    private int $lockMaxRetries = 300;

    /**
     * @param string $ipAddress User's IP address.
     *
     * @throws SessionException
     */
    public function __construct(SessionConfig $config, string $ipAddress)
    {
        parent::__construct($config, $ipAddress);

        // Store Session configurations.
        $this->sessionExpiration = ($config->expiration === 0)
            ? (int) ini_get('session.gc_maxlifetime')
            : $config->expiration;

        // Add session cookie name for multiple session cookies.
        $this->keyPrefix .= $config->cookieName . ':';

        $this->setSavePath();

        if ($this->matchIP === true) {
            $this->keyPrefix .= $this->ipAddress . ':';
        }

        $this->lockRetryInterval = $config->lockWait ?? $this->lockRetryInterval;
        $this->lockMaxRetries    = $config->lockAttempts ?? $this->lockMaxRetries;
    }

    protected function setSavePath(): void
    {
        if ($this->savePath === '') {
            throw SessionException::forEmptySavepath();
        }

        $url   = parse_url($this->savePath);
        $query = [];

        if ($url === false) {
            // Unix domain socket like `unix:///var/run/redis/redis.sock?persistent=1`.
            if (preg_match('#unix://(/[^:?]+)(\?.+)?#', $this->savePath, $matches)) {
                $host = $matches[1];
                $port = 0;

                if (isset($matches[2])) {
                    parse_str(ltrim($matches[2], '?'), $query);
                }
            } else {
                throw SessionException::forInvalidSavePathFormat($this->savePath);
            }
        } else {
            // Also accepts `/var/run/redis.sock` for backward compatibility.
            if (isset($url['path']) && $url['path'][0] === '/') {
                $host = $url['path'];
                $port = 0;
            } else {
                // TCP connection.
                if (! isset($url['host'])) {
                    throw SessionException::forInvalidSavePathFormat($this->savePath);
                }

                $protocol = $url['scheme'] ?? self::DEFAULT_PROTOCOL;
                $host     = $protocol . '://' . $url['host'];
                $port     = $url['port'] ?? self::DEFAULT_PORT;
            }

            if (isset($url['query'])) {
                parse_str($url['query'], $query);
            }
        }

        $persistent = isset($query['persistent']) ? filter_var($query['persistent'], FILTER_VALIDATE_BOOL) : null;
        $password   = $query['auth'] ?? null;
        $database   = isset($query['database']) ? (int) $query['database'] : 0;
        $timeout    = isset($query['timeout']) ? (float) $query['timeout'] : 0.0;
        $prefix     = $query['prefix'] ?? null;

        $this->savePath = [
            'host'       => $host,
            'port'       => $port,
            'password'   => $password,
            'database'   => $database,
            'timeout'    => $timeout,
            'persistent' => $persistent,
        ];

        if ($prefix !== null) {
            $this->keyPrefix = $prefix;
        }
    }

    /**
     * Re-initialize existing session, or creates a new one.
     *
     * @param string $path The path where to store/retrieve the session.
     * @param string $name The session name.
     *
     * @throws RedisException
     */
    public function open($path, $name): bool
    {
        if (empty($this->savePath)) {
            return false;
        }

        $redis = new Redis();

        $funcConnection = isset($this->savePath['persistent']) && $this->savePath['persistent'] === true
            ? 'pconnect'
            : 'connect';

        if ($redis->{$funcConnection}($this->savePath['host'], $this->savePath['port'], $this->savePath['timeout']) === false) {
            $this->logger->error('Session: Unable to connect to Redis with the configured settings.');
        } elseif (isset($this->savePath['password']) && ! $redis->auth($this->savePath['password'])) {
            $this->logger->error('Session: Unable to authenticate to Redis instance.');
        } elseif (isset($this->savePath['database']) && ! $redis->select($this->savePath['database'])) {
            $this->logger->error(
                'Session: Unable to select Redis database with index ' . $this->savePath['database'],
            );
        } else {
            $this->redis = $redis;

            return true;
        }

        return false;
    }

    /**
     * Reads the session data from the session storage, and returns the results.
     *
     * @param string $id The session ID.
     *
     * @return false|string Returns an encoded string of the read data.
     *                      If nothing was read, it must return false.
     *
     * @throws RedisException
     */
    #[ReturnTypeWillChange]
    public function read($id)
    {
        if (isset($this->redis) && $this->lockSession($id)) {
            if (! isset($this->sessionID)) {
                $this->sessionID = $id;
            }

            $data = $this->redis->get($this->keyPrefix . $id);

            if (is_string($data)) {
                $this->keyExists = true;
            } else {
                $data = '';
            }

            $this->fingerprint = md5($data);

            return $data;
        }

        return false;
    }

    /**
     * Writes the session data to the session storage.
     *
     * @param string $id   The session ID.
     * @param string $data The encoded session data.
     *
     * @throws RedisException
     */
    public function write($id, $data): bool
    {
        if (! isset($this->redis)) {
            return false;
        }

        if ($this->sessionID !== $id) {
            if (! $this->releaseLock() || ! $this->lockSession($id)) {
                return false;
            }

            $this->keyExists = false;
            $this->sessionID = $id;
        }

        if (isset($this->lockKey)) {
            $this->redis->expire($this->lockKey, 300);

            if ($this->fingerprint !== ($fingerprint = md5($data)) || $this->keyExists === false) {
                if ($this->redis->set($this->keyPrefix . $id, $data, $this->sessionExpiration)) {
                    $this->fingerprint = $fingerprint;
                    $this->keyExists   = true;

                    return true;
                }

                return false;
            }

            return $this->redis->expire($this->keyPrefix . $id, $this->sessionExpiration);
        }

        return false;
    }

    /**
     * Closes the current session.
     */
    public function close(): bool
    {
        if (isset($this->redis)) {
            try {
                $pingReply = $this->redis->ping();

                if (($pingReply === true) || ($pingReply === '+PONG')) {
                    if (isset($this->lockKey) && ! $this->releaseLock()) {
                        return false;
                    }

                    if (! $this->redis->close()) {
                        return false;
                    }
                }
            } catch (RedisException $e) {
                $this->logger->error('Session: Got RedisException on close(): ' . $e->getMessage());
            }

            $this->redis = null;

            return true;
        }

        return true;
    }

    /**
     * Destroys a session.
     *
     * @param string $id The session ID being destroyed.
     *
     * @throws RedisException
     */
    public function destroy($id): bool
    {
        if (isset($this->redis, $this->lockKey)) {
            if (($result = $this->redis->del($this->keyPrefix . $id)) !== 1) {
                $this->logger->debug(
                    'Session: Redis::del() expected to return 1, got ' . var_export($result, true) . ' instead.',
                );
            }

            return $this->destroyCookie();
        }

        return false;
    }

    /**
     * Cleans up expired sessions.
     *
     * @param int $max_lifetime Sessions that have not updated
     *                          for the last max_lifetime seconds will be removed.
     *
     * @return false|int Returns the number of deleted sessions on success, or false on failure.
     */
    #[ReturnTypeWillChange]
    public function gc($max_lifetime)
    {
        return 1;
    }

    /**
     * Acquires an emulated lock.
     *
     * @param string $sessionID Session ID.
     *
     * @throws RedisException
     */
    protected function lockSession(string $sessionID): bool
    {
        $lockKey = $this->keyPrefix . $sessionID . ':lock';

        // PHP 7 reuses the SessionHandler object on regeneration,
        // so we need to check here if the lock key is for the
        // correct session ID.
        if ($this->lockKey === $lockKey) {
            // If there is the lock, make the ttl longer.
            return $this->redis->expire($this->lockKey, 300);
        }

        $attempt = 0;

        do {
            $result = $this->redis->set(
                $lockKey,
                (string) Time::now()->getTimestamp(),
                // NX -- Only set the key if it does not already exist.
                // EX seconds -- Set the specified expire time, in seconds.
                ['nx', 'ex' => 300],
            );

            if (! $result) {
                usleep($this->lockRetryInterval);

                continue;
            }

            $this->lockKey = $lockKey;
            break;
        } while (++$attempt < $this->lockMaxRetries);

        if ($attempt === 300) {
            $this->logger->error(
                'Session: Unable to obtain lock for ' . $this->keyPrefix . $sessionID
                . ' after 300 attempts, aborting.',
            );

            return false;
        }

        $this->lock = true;

        return true;
    }

    /**
     * Releases a previously acquired lock.
     *
     * @throws RedisException
     */
    protected function releaseLock(): bool
    {
        if (isset($this->redis, $this->lockKey) && $this->lock) {
            if (! $this->redis->del($this->lockKey)) {
                $this->logger->error('Session: Error while trying to free lock for ' . $this->lockKey);

                return false;
            }

            $this->lockKey = null;
            $this->lock    = false;
        }

        return true;
    }
}

1	<?php
2
3	declare(strict_types=1);
4
5	/**
6	* This file is part of CodeIgniter 4 framework.
7	*
8	* (c) CodeIgniter Foundation <admin@codeigniter.com>
9	*
10	* For the full copyright and license information, please view
11	* the LICENSE file that was distributed with this source code.
12	*/
13
14	namespace CodeIgniter\Session\Handlers;
15
16	use CodeIgniter\I18n\Time;
17	use CodeIgniter\Session\Exceptions\SessionException;
18	use Config\Session as SessionConfig;
19	use Redis;
20	use RedisException;
21	use ReturnTypeWillChange;
22
23	/**
24	* Session handler using Redis for persistence.
25	*/
26	class RedisHandler extends BaseHandler
27	{
28	private const DEFAULT_PORT = 6379;
29	private const DEFAULT_PROTOCOL = 'tcp';
30
31	/**
32	* phpRedis instance.
33	*
34	* @var Redis\|null
35	*/
36	protected $redis;
37
38	/**
39	* Key prefix.
40	*
41	* @var string
42	*/
43	protected $keyPrefix = 'ci_session:';
44
45	/**
46	* Lock key.
47	*
48	* @var string\|null
49	*/
50	protected $lockKey;
51
52	/**
53	* Key exists flag.
54	*
55	* @var bool
56	*/
57	protected $keyExists = false;
58
59	/**
60	* Number of seconds until the session ends.
61	*
62	* @var int
63	*/
64	protected $sessionExpiration = 7200;
65
66	/**
67	* Time (microseconds) to wait if lock cannot be acquired.
68	*/
69	private int $lockRetryInterval = 100_000;
70
71	/**
72	* Maximum number of lock acquisition attempts.
73	*/
74	private int $lockMaxRetries = 300;
75
76	/**
77	* @param string $ipAddress User's IP address.
78	*
79	* @throws SessionException
80	*/
81	public function __construct(SessionConfig $config, string $ipAddress)
82	{
83	parent::__construct($config, $ipAddress);	19✔
84
85	// Store Session configurations.
86	$this->sessionExpiration = ($config->expiration === 0)	19✔
87	? (int) ini_get('session.gc_maxlifetime')	×
88	: $config->expiration;	19✔
89
90	// Add session cookie name for multiple session cookies.
91	$this->keyPrefix .= $config->cookieName . ':';	19✔
92
93	$this->setSavePath();	19✔
94
95	if ($this->matchIP === true) {	19✔
96	$this->keyPrefix .= $this->ipAddress . ':';	×
97	}
98
99	$this->lockRetryInterval = $config->lockWait ?? $this->lockRetryInterval;	19✔
100	$this->lockMaxRetries = $config->lockAttempts ?? $this->lockMaxRetries;	19✔
101	}
102
103	protected function setSavePath(): void
104	{
105	if ($this->savePath === '') {	19✔
106	throw SessionException::forEmptySavepath();	×
107	}
108
109	$url = parse_url($this->savePath);	19✔
110	$query = [];	19✔
111
112	if ($url === false) {	19✔
113	// Unix domain socket like `unix:///var/run/redis/redis.sock?persistent=1`.
114	if (preg_match('#unix://(/[^:?]+)(\?.+)?#', $this->savePath, $matches)) {	1✔
115	$host = $matches[1];	1✔
116	$port = 0;	1✔
117
118	if (isset($matches[2])) {	1✔
119	parse_str(ltrim($matches[2], '?'), $query);	×
120	}
121	} else {
122	throw SessionException::forInvalidSavePathFormat($this->savePath);	×
123	}
124	} else {
125	// Also accepts `/var/run/redis.sock` for backward compatibility.
126	if (isset($url['path']) && $url['path'][0] === '/') {	18✔
127	$host = $url['path'];	1✔
128	$port = 0;	1✔
129	} else {
130	// TCP connection.
131	if (! isset($url['host'])) {	17✔
132	throw SessionException::forInvalidSavePathFormat($this->savePath);	×
133	}
134
135	$protocol = $url['scheme'] ?? self::DEFAULT_PROTOCOL;	17✔
136	$host = $protocol . '://' . $url['host'];	17✔
137	$port = $url['port'] ?? self::DEFAULT_PORT;	17✔
138	}
139
140	if (isset($url['query'])) {	18✔
141	parse_str($url['query'], $query);	9✔
142	}
143	}
144
145	$persistent = isset($query['persistent']) ? filter_var($query['persistent'], FILTER_VALIDATE_BOOL) : null;	19✔
146	$password = $query['auth'] ?? null;	19✔
147	$database = isset($query['database']) ? (int) $query['database'] : 0;	19✔
148	$timeout = isset($query['timeout']) ? (float) $query['timeout'] : 0.0;	19✔
149	$prefix = $query['prefix'] ?? null;	19✔
150
151	$this->savePath = [	19✔
152	'host' => $host,	19✔
153	'port' => $port,	19✔
154	'password' => $password,	19✔
155	'database' => $database,	19✔
156	'timeout' => $timeout,	19✔
157	'persistent' => $persistent,	19✔
158	];	19✔
159
160	if ($prefix !== null) {	19✔
161	$this->keyPrefix = $prefix;	×
162	}
163	}
164
165	/**
166	* Re-initialize existing session, or creates a new one.
167	*
168	* @param string $path The path where to store/retrieve the session.
169	* @param string $name The session name.
170	*
171	* @throws RedisException
172	*/
173	public function open($path, $name): bool
174	{
175	if (empty($this->savePath)) {	6✔
176	return false;	×
177	}
178
179	$redis = new Redis();	6✔
180
181	$funcConnection = isset($this->savePath['persistent']) && $this->savePath['persistent'] === true	6✔
NEW 182	? 'pconnect'	×
183	: 'connect';	6✔
184
185	if ($redis->{$funcConnection}($this->savePath['host'], $this->savePath['port'], $this->savePath['timeout']) === false) {	6✔
UNCOV 186	$this->logger->error('Session: Unable to connect to Redis with the configured settings.');	×
187	} elseif (isset($this->savePath['password']) && ! $redis->auth($this->savePath['password'])) {	6✔
188	$this->logger->error('Session: Unable to authenticate to Redis instance.');	×
189	} elseif (isset($this->savePath['database']) && ! $redis->select($this->savePath['database'])) {	6✔
190	$this->logger->error(	×
191	'Session: Unable to select Redis database with index ' . $this->savePath['database'],	×
192	);	×
193	} else {
194	$this->redis = $redis;	6✔
195
196	return true;	6✔
197	}
198
199	return false;	×
200	}
201
202	/**
203	* Reads the session data from the session storage, and returns the results.
204	*
205	* @param string $id The session ID.
206	*
207	* @return false\|string Returns an encoded string of the read data.
208	* If nothing was read, it must return false.
209	*
210	* @throws RedisException
211	*/
212	#[ReturnTypeWillChange]
213	public function read($id)
214	{
215	if (isset($this->redis) && $this->lockSession($id)) {	4✔
216	if (! isset($this->sessionID)) {	4✔
217	$this->sessionID = $id;	4✔
218	}
219
220	$data = $this->redis->get($this->keyPrefix . $id);	4✔
221
222	if (is_string($data)) {	4✔
223	$this->keyExists = true;	2✔
224	} else {
225	$data = '';	2✔
226	}
227
228	$this->fingerprint = md5($data);	4✔
229
230	return $data;	4✔
231	}
232
233	return false;	×
234	}
235
236	/**
237	* Writes the session data to the session storage.
238	*
239	* @param string $id The session ID.
240	* @param string $data The encoded session data.
241	*
242	* @throws RedisException
243	*/
244	public function write($id, $data): bool
245	{
246	if (! isset($this->redis)) {	1✔
247	return false;	×
248	}
249
250	if ($this->sessionID !== $id) {	1✔
251	if (! $this->releaseLock() \|\| ! $this->lockSession($id)) {	×
252	return false;	×
253	}
254
255	$this->keyExists = false;	×
256	$this->sessionID = $id;	×
257	}
258
259	if (isset($this->lockKey)) {	1✔
260	$this->redis->expire($this->lockKey, 300);	1✔
261
262	if ($this->fingerprint !== ($fingerprint = md5($data)) \|\| $this->keyExists === false) {	1✔
263	if ($this->redis->set($this->keyPrefix . $id, $data, $this->sessionExpiration)) {	1✔
264	$this->fingerprint = $fingerprint;	1✔
265	$this->keyExists = true;	1✔
266
267	return true;	1✔
268	}
269
270	return false;	×
271	}
272
273	return $this->redis->expire($this->keyPrefix . $id, $this->sessionExpiration);	×
274	}
275
276	return false;	×
277	}
278
279	/**
280	* Closes the current session.
281	*/
282	public function close(): bool
283	{
284	if (isset($this->redis)) {	4✔
285	try {
286	$pingReply = $this->redis->ping();	4✔
287
288	if (($pingReply === true) \|\| ($pingReply === '+PONG')) {	4✔
289	if (isset($this->lockKey) && ! $this->releaseLock()) {	4✔
290	return false;	×
291	}
292
293	if (! $this->redis->close()) {	4✔
294	return false;	4✔
295	}
296	}
297	} catch (RedisException $e) {	×
298	$this->logger->error('Session: Got RedisException on close(): ' . $e->getMessage());	×
299	}
300
301	$this->redis = null;	4✔
302
303	return true;	4✔
304	}
305
306	return true;	×
307	}
308
309	/**
310	* Destroys a session.
311	*
312	* @param string $id The session ID being destroyed.
313	*
314	* @throws RedisException
315	*/
316	public function destroy($id): bool
317	{
318	if (isset($this->redis, $this->lockKey)) {	×
319	if (($result = $this->redis->del($this->keyPrefix . $id)) !== 1) {	×
320	$this->logger->debug(	×
321	'Session: Redis::del() expected to return 1, got ' . var_export($result, true) . ' instead.',	×
322	);	×
323	}
324
325	return $this->destroyCookie();	×
326	}
327
328	return false;	×
329	}
330
331	/**
332	* Cleans up expired sessions.
333	*
334	* @param int $max_lifetime Sessions that have not updated
335	* for the last max_lifetime seconds will be removed.
336	*
337	* @return false\|int Returns the number of deleted sessions on success, or false on failure.
338	*/
339	#[ReturnTypeWillChange]
340	public function gc($max_lifetime)
341	{
342	return 1;	1✔
343	}
344
345	/**
346	* Acquires an emulated lock.
347	*
348	* @param string $sessionID Session ID.
349	*
350	* @throws RedisException
351	*/
352	protected function lockSession(string $sessionID): bool
353	{
354	$lockKey = $this->keyPrefix . $sessionID . ':lock';	4✔
355
356	// PHP 7 reuses the SessionHandler object on regeneration,
357	// so we need to check here if the lock key is for the
358	// correct session ID.
359	if ($this->lockKey === $lockKey) {	4✔
360	// If there is the lock, make the ttl longer.
361	return $this->redis->expire($this->lockKey, 300);	×
362	}
363
364	$attempt = 0;	4✔
365
366	do {
367	$result = $this->redis->set(	4✔
368	$lockKey,	4✔
369	(string) Time::now()->getTimestamp(),	4✔
370	// NX -- Only set the key if it does not already exist.
371	// EX seconds -- Set the specified expire time, in seconds.
372	['nx', 'ex' => 300],	4✔
373	);	4✔
374
375	if (! $result) {	4✔
376	usleep($this->lockRetryInterval);	×
377
378	continue;	×
379	}
380
381	$this->lockKey = $lockKey;	4✔
382	break;	4✔
383	} while (++$attempt < $this->lockMaxRetries);	×
384
385	if ($attempt === 300) {	4✔
386	$this->logger->error(	×
387	'Session: Unable to obtain lock for ' . $this->keyPrefix . $sessionID	×
388	. ' after 300 attempts, aborting.',	×
389	);	×
390
391	return false;	×
392	}
393
394	$this->lock = true;	4✔
395
396	return true;	4✔
397	}
398
399	/**
400	* Releases a previously acquired lock.
401	*
402	* @throws RedisException
403	*/
404	protected function releaseLock(): bool
405	{
406	if (isset($this->redis, $this->lockKey) && $this->lock) {	4✔
407	if (! $this->redis->del($this->lockKey)) {	4✔
408	$this->logger->error('Session: Error while trying to free lock for ' . $this->lockKey);	×
409
410	return false;	×
411	}
412
413	$this->lockKey = null;	4✔
414	$this->lock = false;	4✔
415	}
416
417	return true;	4✔
418	}
419	}

codeigniter4 / CodeIgniter4 / 21142411953

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous