21178922612

Committed 20 Jan 2026 04:20PM UTC coverage: 85.402% (-0.1%) from 85.526%

Build # 21178922612

Build Type

Pull #9889

github

Committed by

web-flow

Commit Message

Merge 63185abef into c7e784fe4

Pull Request Pull Request #9889: feat: FrankenPHP Worker Mode

Run Details

154 of 238 new or added lines in 19 files covered. (64.71%)

1 existing line in 1 file now uncovered.

22119 of 25900 relevant lines covered (85.4%)

205.29 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

67.59

/system/Session/Handlers/RedisHandler.php

<?php

declare(strict_types=1);

/**
 * This file is part of CodeIgniter 4 framework.
 *
 * (c) CodeIgniter Foundation <admin@codeigniter.com>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace CodeIgniter\Session\Handlers;

use CodeIgniter\I18n\Time;
use CodeIgniter\Session\Exceptions\SessionException;
use CodeIgniter\Session\PersistsConnection;
use Config\Session as SessionConfig;
use Redis;
use RedisException;
use ReturnTypeWillChange;

/**
 * Session handler using Redis for persistence.
 */
class RedisHandler extends BaseHandler
{
    use PersistsConnection;

    private const DEFAULT_PORT     = 6379;
    private const DEFAULT_PROTOCOL = 'tcp';

    /**
     * phpRedis instance.
     *
     * @var Redis|null
     */
    protected $redis;

    /**
     * Key prefix.
     *
     * @var string
     */
    protected $keyPrefix = 'ci_session:';

    /**
     * Lock key.
     *
     * @var string|null
     */
    protected $lockKey;

    /**
     * Key exists flag.
     *
     * @var bool
     */
    protected $keyExists = false;

    /**
     * Number of seconds until the session ends.
     *
     * @var int
     */
    protected $sessionExpiration = 7200;

    /**
     * Time (microseconds) to wait if lock cannot be acquired.
     */
    private int $lockRetryInterval = 100_000;

    /**
     * Maximum number of lock acquisition attempts.
     */
    private int $lockMaxRetries = 300;

    /**
     * @param string $ipAddress User's IP address.
     *
     * @throws SessionException
     */
    public function __construct(SessionConfig $config, string $ipAddress)
    {
        parent::__construct($config, $ipAddress);

        // Store Session configurations.
        $this->sessionExpiration = ($config->expiration === 0)
            ? (int) ini_get('session.gc_maxlifetime')
            : $config->expiration;

        // Add session cookie name for multiple session cookies.
        $this->keyPrefix .= $config->cookieName . ':';

        $this->setSavePath();

        if ($this->matchIP === true) {
            $this->keyPrefix .= $this->ipAddress . ':';
        }

        $this->lockRetryInterval = $config->lockWait ?? $this->lockRetryInterval;
        $this->lockMaxRetries    = $config->lockAttempts ?? $this->lockMaxRetries;
    }

    protected function setSavePath(): void
    {
        if ($this->savePath === '') {
            throw SessionException::forEmptySavepath();
        }

        $url   = parse_url($this->savePath);
        $query = [];

        if ($url === false) {
            // Unix domain socket like `unix:///var/run/redis/redis.sock?persistent=1`.
            if (preg_match('#unix://(/[^:?]+)(\?.+)?#', $this->savePath, $matches)) {
                $host = $matches[1];
                $port = 0;

                if (isset($matches[2])) {
                    parse_str(ltrim($matches[2], '?'), $query);
                }
            } else {
                throw SessionException::forInvalidSavePathFormat($this->savePath);
            }
        } else {
            // Also accepts `/var/run/redis.sock` for backward compatibility.
            if (isset($url['path']) && $url['path'][0] === '/') {
                $host = $url['path'];
                $port = 0;
            } else {
                // TCP connection.
                if (! isset($url['host'])) {
                    throw SessionException::forInvalidSavePathFormat($this->savePath);
                }

                $protocol = $url['scheme'] ?? self::DEFAULT_PROTOCOL;
                $host     = $protocol . '://' . $url['host'];
                $port     = $url['port'] ?? self::DEFAULT_PORT;
            }

            if (isset($url['query'])) {
                parse_str($url['query'], $query);
            }
        }

        $persistent = isset($query['persistent']) ? filter_var($query['persistent'], FILTER_VALIDATE_BOOL) : null;
        $password   = $query['auth'] ?? null;
        $database   = isset($query['database']) ? (int) $query['database'] : 0;
        $timeout    = isset($query['timeout']) ? (float) $query['timeout'] : 0.0;
        $prefix     = $query['prefix'] ?? null;

        $this->savePath = [
            'host'       => $host,
            'port'       => $port,
            'password'   => $password,
            'database'   => $database,
            'timeout'    => $timeout,
            'persistent' => $persistent,
        ];

        if ($prefix !== null) {
            $this->keyPrefix = $prefix;
        }
    }

    /**
     * Re-initialize existing session, or creates a new one.
     *
     * @param string $path The path where to store/retrieve the session.
     * @param string $name The session name.
     *
     * @throws RedisException
     */
    public function open($path, $name): bool
    {
        if (empty($this->savePath)) {
            return false;
        }

        if ($this->hasPersistentConnection()) {
            $redis = $this->getPersistentConnection();

            try {
                $pingReply = $redis->ping();

                if (in_array($pingReply, [true, '+PONG'], true)) {
                    $this->redis = $redis;

                    return true;
                }
            } catch (RedisException) {
                $this->setPersistentConnection(null);
            }
        }

        $redis = new Redis();

        $funcConnection = isset($this->savePath['persistent']) && $this->savePath['persistent'] === true
            ? 'pconnect'
            : 'connect';

        if ($redis->{$funcConnection}($this->savePath['host'], $this->savePath['port'], $this->savePath['timeout']) === false) {
            $this->logger->error('Session: Unable to connect to Redis with the configured settings.');
        } elseif (isset($this->savePath['password']) && ! $redis->auth($this->savePath['password'])) {
            $this->logger->error('Session: Unable to authenticate to Redis instance.');
        } elseif (isset($this->savePath['database']) && ! $redis->select($this->savePath['database'])) {
            $this->logger->error(
                'Session: Unable to select Redis database with index ' . $this->savePath['database'],
            );
        } else {
            $this->setPersistentConnection($redis);
            $this->redis = $redis;

            return true;
        }

        return false;
    }

    /**
     * Reads the session data from the session storage, and returns the results.
     *
     * @param string $id The session ID.
     *
     * @return false|string Returns an encoded string of the read data.
     *                      If nothing was read, it must return false.
     *
     * @throws RedisException
     */
    #[ReturnTypeWillChange]
    public function read($id)
    {
        if (isset($this->redis) && $this->lockSession($id)) {
            if (! isset($this->sessionID)) {
                $this->sessionID = $id;
            }

            $data = $this->redis->get($this->keyPrefix . $id);

            if (is_string($data)) {
                $this->keyExists = true;
            } else {
                $data = '';
            }

            $this->fingerprint = md5($data);

            return $data;
        }

        return false;
    }

    /**
     * Writes the session data to the session storage.
     *
     * @param string $id   The session ID.
     * @param string $data The encoded session data.
     *
     * @throws RedisException
     */
    public function write($id, $data): bool
    {
        if (! isset($this->redis)) {
            return false;
        }

        if ($this->sessionID !== $id) {
            if (! $this->releaseLock() || ! $this->lockSession($id)) {
                return false;
            }

            $this->keyExists = false;
            $this->sessionID = $id;
        }

        if (isset($this->lockKey)) {
            $this->redis->expire($this->lockKey, 300);

            if ($this->fingerprint !== ($fingerprint = md5($data)) || $this->keyExists === false) {
                if ($this->redis->set($this->keyPrefix . $id, $data, $this->sessionExpiration)) {
                    $this->fingerprint = $fingerprint;
                    $this->keyExists   = true;

                    return true;
                }

                return false;
            }

            return $this->redis->expire($this->keyPrefix . $id, $this->sessionExpiration);
        }

        return false;
    }

    /**
     * Closes the current session.
     */
    public function close(): bool
    {
        if (isset($this->redis)) {
            try {
                $pingReply = $this->redis->ping();

                if (in_array($pingReply, [true, '+PONG'], true) && (isset($this->lockKey) && ! $this->releaseLock())) {
                    return false;
                }
            } catch (RedisException $e) {
                $this->logger->error('Session: Got RedisException on close(): ' . $e->getMessage());
            }

            return true;
        }

        return true;
    }

    /**
     * Destroys a session.
     *
     * @param string $id The session ID being destroyed.
     *
     * @throws RedisException
     */
    public function destroy($id): bool
    {
        if (isset($this->redis, $this->lockKey)) {
            if (($result = $this->redis->del($this->keyPrefix . $id)) !== 1) {
                $this->logger->debug(
                    'Session: Redis::del() expected to return 1, got ' . var_export($result, true) . ' instead.',
                );
            }

            return $this->destroyCookie();
        }

        return false;
    }

    /**
     * Cleans up expired sessions.
     *
     * @param int $max_lifetime Sessions that have not updated
     *                          for the last max_lifetime seconds will be removed.
     *
     * @return false|int Returns the number of deleted sessions on success, or false on failure.
     */
    #[ReturnTypeWillChange]
    public function gc($max_lifetime)
    {
        return 1;
    }

    /**
     * Acquires an emulated lock.
     *
     * @param string $sessionID Session ID.
     *
     * @throws RedisException
     */
    protected function lockSession(string $sessionID): bool
    {
        $lockKey = $this->keyPrefix . $sessionID . ':lock';

        // PHP 7 reuses the SessionHandler object on regeneration,
        // so we need to check here if the lock key is for the
        // correct session ID.
        if ($this->lockKey === $lockKey) {
            // If there is the lock, make the ttl longer.
            return $this->redis->expire($this->lockKey, 300);
        }

        $attempt = 0;

        do {
            $result = $this->redis->set(
                $lockKey,
                (string) Time::now()->getTimestamp(),
                // NX -- Only set the key if it does not already exist.
                // EX seconds -- Set the specified expire time, in seconds.
                ['nx', 'ex' => 300],
            );

            if (! $result) {
                usleep($this->lockRetryInterval);

                continue;
            }

            $this->lockKey = $lockKey;
            break;
        } while (++$attempt < $this->lockMaxRetries);

        if ($attempt === 300) {
            $this->logger->error(
                'Session: Unable to obtain lock for ' . $this->keyPrefix . $sessionID
                . ' after 300 attempts, aborting.',
            );

            return false;
        }

        $this->lock = true;

        return true;
    }

    /**
     * Releases a previously acquired lock.
     *
     * @throws RedisException
     */
    protected function releaseLock(): bool
    {
        if (isset($this->redis, $this->lockKey) && $this->lock) {
            if (! $this->redis->del($this->lockKey)) {
                $this->logger->error('Session: Error while trying to free lock for ' . $this->lockKey);

                return false;
            }

            $this->lockKey = null;
            $this->lock    = false;
        }

        return true;
    }
}

1	<?php
2
3	declare(strict_types=1);
4
5	/**
6	* This file is part of CodeIgniter 4 framework.
7	*
8	* (c) CodeIgniter Foundation <admin@codeigniter.com>
9	*
10	* For the full copyright and license information, please view
11	* the LICENSE file that was distributed with this source code.
12	*/
13
14	namespace CodeIgniter\Session\Handlers;
15
16	use CodeIgniter\I18n\Time;
17	use CodeIgniter\Session\Exceptions\SessionException;
18	use CodeIgniter\Session\PersistsConnection;
19	use Config\Session as SessionConfig;
20	use Redis;
21	use RedisException;
22	use ReturnTypeWillChange;
23
24	/**
25	* Session handler using Redis for persistence.
26	*/
27	class RedisHandler extends BaseHandler
28	{
29	use PersistsConnection;
30
31	private const DEFAULT_PORT = 6379;
32	private const DEFAULT_PROTOCOL = 'tcp';
33
34	/**
35	* phpRedis instance.
36	*
37	* @var Redis\|null
38	*/
39	protected $redis;
40
41	/**
42	* Key prefix.
43	*
44	* @var string
45	*/
46	protected $keyPrefix = 'ci_session:';
47
48	/**
49	* Lock key.
50	*
51	* @var string\|null
52	*/
53	protected $lockKey;
54
55	/**
56	* Key exists flag.
57	*
58	* @var bool
59	*/
60	protected $keyExists = false;
61
62	/**
63	* Number of seconds until the session ends.
64	*
65	* @var int
66	*/
67	protected $sessionExpiration = 7200;
68
69	/**
70	* Time (microseconds) to wait if lock cannot be acquired.
71	*/
72	private int $lockRetryInterval = 100_000;
73
74	/**
75	* Maximum number of lock acquisition attempts.
76	*/
77	private int $lockMaxRetries = 300;
78
79	/**
80	* @param string $ipAddress User's IP address.
81	*
82	* @throws SessionException
83	*/
84	public function __construct(SessionConfig $config, string $ipAddress)
85	{
86	parent::__construct($config, $ipAddress);	22✔
87
88	// Store Session configurations.
89	$this->sessionExpiration = ($config->expiration === 0)	22✔
90	? (int) ini_get('session.gc_maxlifetime')	×
91	: $config->expiration;	22✔
92
93	// Add session cookie name for multiple session cookies.
94	$this->keyPrefix .= $config->cookieName . ':';	22✔
95
96	$this->setSavePath();	22✔
97
98	if ($this->matchIP === true) {	22✔
99	$this->keyPrefix .= $this->ipAddress . ':';	×
100	}
101
102	$this->lockRetryInterval = $config->lockWait ?? $this->lockRetryInterval;	22✔
103	$this->lockMaxRetries = $config->lockAttempts ?? $this->lockMaxRetries;	22✔
104	}
105
106	protected function setSavePath(): void
107	{
108	if ($this->savePath === '') {	22✔
109	throw SessionException::forEmptySavepath();	×
110	}
111
112	$url = parse_url($this->savePath);	22✔
113	$query = [];	22✔
114
115	if ($url === false) {	22✔
116	// Unix domain socket like `unix:///var/run/redis/redis.sock?persistent=1`.
117	if (preg_match('#unix://(/[^:?]+)(\?.+)?#', $this->savePath, $matches)) {	1✔
118	$host = $matches[1];	1✔
119	$port = 0;	1✔
120
121	if (isset($matches[2])) {	1✔
122	parse_str(ltrim($matches[2], '?'), $query);	×
123	}
124	} else {
125	throw SessionException::forInvalidSavePathFormat($this->savePath);	×
126	}
127	} else {
128	// Also accepts `/var/run/redis.sock` for backward compatibility.
129	if (isset($url['path']) && $url['path'][0] === '/') {	21✔
130	$host = $url['path'];	1✔
131	$port = 0;	1✔
132	} else {
133	// TCP connection.
134	if (! isset($url['host'])) {	20✔
135	throw SessionException::forInvalidSavePathFormat($this->savePath);	×
136	}
137
138	$protocol = $url['scheme'] ?? self::DEFAULT_PROTOCOL;	20✔
139	$host = $protocol . '://' . $url['host'];	20✔
140	$port = $url['port'] ?? self::DEFAULT_PORT;	20✔
141	}
142
143	if (isset($url['query'])) {	21✔
144	parse_str($url['query'], $query);	9✔
145	}
146	}
147
148	$persistent = isset($query['persistent']) ? filter_var($query['persistent'], FILTER_VALIDATE_BOOL) : null;	22✔
149	$password = $query['auth'] ?? null;	22✔
150	$database = isset($query['database']) ? (int) $query['database'] : 0;	22✔
151	$timeout = isset($query['timeout']) ? (float) $query['timeout'] : 0.0;	22✔
152	$prefix = $query['prefix'] ?? null;	22✔
153
154	$this->savePath = [	22✔
155	'host' => $host,	22✔
156	'port' => $port,	22✔
157	'password' => $password,	22✔
158	'database' => $database,	22✔
159	'timeout' => $timeout,	22✔
160	'persistent' => $persistent,	22✔
161	];	22✔
162
163	if ($prefix !== null) {	22✔
164	$this->keyPrefix = $prefix;	×
165	}
166	}
167
168	/**
169	* Re-initialize existing session, or creates a new one.
170	*
171	* @param string $path The path where to store/retrieve the session.
172	* @param string $name The session name.
173	*
174	* @throws RedisException
175	*/
176	public function open($path, $name): bool
177	{
178	if (empty($this->savePath)) {	9✔
179	return false;	×
180	}
181
182	if ($this->hasPersistentConnection()) {	9✔
183	$redis = $this->getPersistentConnection();	2✔
184
185	try {
186	$pingReply = $redis->ping();	2✔
187
188	if (in_array($pingReply, [true, '+PONG'], true)) {	2✔
189	$this->redis = $redis;	2✔
190
191	return true;	2✔
192	}
NEW 193	} catch (RedisException) {	×
NEW 194	$this->setPersistentConnection(null);	×
195	}
196	}
197
198	$redis = new Redis();	9✔
199
200	$funcConnection = isset($this->savePath['persistent']) && $this->savePath['persistent'] === true	9✔
201	? 'pconnect'	×
202	: 'connect';	9✔
203
204	if ($redis->{$funcConnection}($this->savePath['host'], $this->savePath['port'], $this->savePath['timeout']) === false) {	9✔
205	$this->logger->error('Session: Unable to connect to Redis with the configured settings.');	×
206	} elseif (isset($this->savePath['password']) && ! $redis->auth($this->savePath['password'])) {	9✔
207	$this->logger->error('Session: Unable to authenticate to Redis instance.');	×
208	} elseif (isset($this->savePath['database']) && ! $redis->select($this->savePath['database'])) {	9✔
209	$this->logger->error(	×
210	'Session: Unable to select Redis database with index ' . $this->savePath['database'],	×
211	);	×
212	} else {
213	$this->setPersistentConnection($redis);	9✔
214	$this->redis = $redis;	9✔
215
216	return true;	9✔
217	}
218
219	return false;	×
220	}
221
222	/**
223	* Reads the session data from the session storage, and returns the results.
224	*
225	* @param string $id The session ID.
226	*
227	* @return false\|string Returns an encoded string of the read data.
228	* If nothing was read, it must return false.
229	*
230	* @throws RedisException
231	*/
232	#[ReturnTypeWillChange]
233	public function read($id)
234	{
235	if (isset($this->redis) && $this->lockSession($id)) {	4✔
236	if (! isset($this->sessionID)) {	4✔
237	$this->sessionID = $id;	4✔
238	}
239
240	$data = $this->redis->get($this->keyPrefix . $id);	4✔
241
242	if (is_string($data)) {	4✔
243	$this->keyExists = true;	2✔
244	} else {
245	$data = '';	2✔
246	}
247
248	$this->fingerprint = md5($data);	4✔
249
250	return $data;	4✔
251	}
252
253	return false;	×
254	}
255
256	/**
257	* Writes the session data to the session storage.
258	*
259	* @param string $id The session ID.
260	* @param string $data The encoded session data.
261	*
262	* @throws RedisException
263	*/
264	public function write($id, $data): bool
265	{
266	if (! isset($this->redis)) {	1✔
267	return false;	×
268	}
269
270	if ($this->sessionID !== $id) {	1✔
271	if (! $this->releaseLock() \|\| ! $this->lockSession($id)) {	×
272	return false;	×
273	}
274
275	$this->keyExists = false;	×
276	$this->sessionID = $id;	×
277	}
278
279	if (isset($this->lockKey)) {	1✔
280	$this->redis->expire($this->lockKey, 300);	1✔
281
282	if ($this->fingerprint !== ($fingerprint = md5($data)) \|\| $this->keyExists === false) {	1✔
283	if ($this->redis->set($this->keyPrefix . $id, $data, $this->sessionExpiration)) {	1✔
284	$this->fingerprint = $fingerprint;	1✔
285	$this->keyExists = true;	1✔
286
287	return true;	1✔
288	}
289
290	return false;	×
291	}
292
293	return $this->redis->expire($this->keyPrefix . $id, $this->sessionExpiration);	×
294	}
295
296	return false;	×
297	}
298
299	/**
300	* Closes the current session.
301	*/
302	public function close(): bool
303	{
304	if (isset($this->redis)) {	7✔
305	try {
306	$pingReply = $this->redis->ping();	7✔
307
308	if (in_array($pingReply, [true, '+PONG'], true) && (isset($this->lockKey) && ! $this->releaseLock())) {	7✔
309	return false;	7✔
310	}
311	} catch (RedisException $e) {	×
312	$this->logger->error('Session: Got RedisException on close(): ' . $e->getMessage());	×
313	}
314
315	return true;	7✔
316	}
317
318	return true;	×
319	}
320
321	/**
322	* Destroys a session.
323	*
324	* @param string $id The session ID being destroyed.
325	*
326	* @throws RedisException
327	*/
328	public function destroy($id): bool
329	{
330	if (isset($this->redis, $this->lockKey)) {	×
331	if (($result = $this->redis->del($this->keyPrefix . $id)) !== 1) {	×
332	$this->logger->debug(	×
333	'Session: Redis::del() expected to return 1, got ' . var_export($result, true) . ' instead.',	×
334	);	×
335	}
336
337	return $this->destroyCookie();	×
338	}
339
340	return false;	×
341	}
342
343	/**
344	* Cleans up expired sessions.
345	*
346	* @param int $max_lifetime Sessions that have not updated
347	* for the last max_lifetime seconds will be removed.
348	*
349	* @return false\|int Returns the number of deleted sessions on success, or false on failure.
350	*/
351	#[ReturnTypeWillChange]
352	public function gc($max_lifetime)
353	{
354	return 1;	1✔
355	}
356
357	/**
358	* Acquires an emulated lock.
359	*
360	* @param string $sessionID Session ID.
361	*
362	* @throws RedisException
363	*/
364	protected function lockSession(string $sessionID): bool
365	{
366	$lockKey = $this->keyPrefix . $sessionID . ':lock';	4✔
367
368	// PHP 7 reuses the SessionHandler object on regeneration,
369	// so we need to check here if the lock key is for the
370	// correct session ID.
371	if ($this->lockKey === $lockKey) {	4✔
372	// If there is the lock, make the ttl longer.
373	return $this->redis->expire($this->lockKey, 300);	×
374	}
375
376	$attempt = 0;	4✔
377
378	do {
379	$result = $this->redis->set(	4✔
380	$lockKey,	4✔
381	(string) Time::now()->getTimestamp(),	4✔
382	// NX -- Only set the key if it does not already exist.
383	// EX seconds -- Set the specified expire time, in seconds.
384	['nx', 'ex' => 300],	4✔
385	);	4✔
386
387	if (! $result) {	4✔
388	usleep($this->lockRetryInterval);	×
389
390	continue;	×
391	}
392
393	$this->lockKey = $lockKey;	4✔
394	break;	4✔
395	} while (++$attempt < $this->lockMaxRetries);	×
396
397	if ($attempt === 300) {	4✔
398	$this->logger->error(	×
399	'Session: Unable to obtain lock for ' . $this->keyPrefix . $sessionID	×
400	. ' after 300 attempts, aborting.',	×
401	);	×
402
403	return false;	×
404	}
405
406	$this->lock = true;	4✔
407
408	return true;	4✔
409	}
410
411	/**
412	* Releases a previously acquired lock.
413	*
414	* @throws RedisException
415	*/
416	protected function releaseLock(): bool
417	{
418	if (isset($this->redis, $this->lockKey) && $this->lock) {	4✔
419	if (! $this->redis->del($this->lockKey)) {	4✔
420	$this->logger->error('Session: Error while trying to free lock for ' . $this->lockKey);	×
421
422	return false;	×
423	}
424
425	$this->lockKey = null;	4✔
426	$this->lock = false;	4✔
427	}
428
429	return true;	4✔
430	}
431	}

codeigniter4 / CodeIgniter4 / 21178922612

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous