OXID eShop CE  4.10.2
 All Classes Namespaces Files Functions Variables Pages
oxsession.php
Go to the documentation of this file.
1 <?php
2 
3 // @deprecated since v5.3.0 (2016-05-24); Implement your own session handler with a module.
4 DEFINE('_DB_SESSION_HANDLER', getShopBasePath() . 'core/adodblite/session/adodb-session.php');
5 
11 class oxSession extends oxSuperCfg
12 {
13 
19  protected $_sName = 'sid';
20 
26  protected $_sForcedPrefix = 'force_';
27 
33  protected $_sId = null;
34 
40  protected static $_blIsNewSession = false;
41 
47  protected static $_oUser = null;
48 
55  protected $_blNewSession = false;
56 
62  protected $_blForceNewSession = false;
63 
69  protected $_sErrorMsg = null;
70 
76  protected $_oBasket = null;
77 
83  protected $_oBasketReservations = null;
84 
90  protected $_blStarted = false;
91 
100  protected $_aRequireSessionWithParams = array(
101  'cl' => array(
102  'register' => true,
103  'account' => true,
104  ),
105  'fnc' => array(
106  'tobasket' => true,
107  'login_noredirect' => true,
108  'tocomparelist' => true,
109  ),
110  '_artperpage' => true,
111  'ldtype' => true,
112  'listorderby' => true,
113  );
114 
120  protected $_blSidNeeded = null;
121 
127  protected $_aPersistentParams = array("actshop", "lang", "currency", "language", "tpllanguage");
128 
134  public function getId()
135  {
136  return $this->_sId;
137  }
138 
144  public function setId($sVal)
145  {
146  $this->_sId = $sVal;
147  }
148 
154  public function setName($sVal)
155  {
156  $this->_sName = $sVal;
157  }
158 
164  public function getForcedName()
165  {
166  return $this->_sForcedPrefix . $this->getName();
167  }
168 
174  public function getName()
175  {
176  return $this->_sName;
177  }
178 
182  public function start()
183  {
184  $myConfig = $this->getConfig();
185  $sid = null;
186 
187  if ($this->isAdmin()) {
188  $this->setName("admin_sid");
189  } else {
190  $this->setName("sid");
191  }
192 
193  $sForceSidParam = $myConfig->getRequestParameter($this->getForcedName());
194  $sSidParam = $myConfig->getRequestParameter($this->getName());
195 
196  //forcing sid for SSL<->nonSSL transitions
197  if ($sForceSidParam) {
198  $sid = $sForceSidParam;
199  } elseif ($this->_getSessionUseCookies() && $this->_getCookieSid()) {
200  $sid = $this->_getCookieSid();
201  } elseif ($sSidParam) {
202  $sid = $sSidParam;
203  }
204 
205  //starting session if only we can
206  if ($this->_allowSessionStart()) {
207 
208  //creating new sid
209  if (!$sid) {
210  self::$_blIsNewSession = true;
211  $this->initNewSession();
212  } else {
213  self::$_blIsNewSession = false;
214  $this->_setSessionId($sid);
215  $this->_sessionStart();
216  }
217 
218  //special handling for new ZP cluster session, as in that case session_start() regenerates id
219  if ($this->_sId != session_id()) {
220  $this->_setSessionId(session_id());
221  }
222 
223  //checking for swapped client
224  $blSwapped = $this->_isSwappedClient();
225  if (!self::$_blIsNewSession && $blSwapped) {
226  $this->initNewSession();
227 
228  // passing notification about session problems
229  if ($this->_sErrorMsg && $myConfig->getConfigParam('iDebug')) {
230  oxRegistry::get("oxUtilsView")->addErrorToDisplay(oxNew("oxException", $this->_sErrorMsg));
231  }
232  } elseif (!$blSwapped) {
233  // transferring cookies between hosts
234  oxRegistry::get("oxUtilsServer")->loadSessionCookies();
235  }
236  }
237  }
238 
244  public function getRequestChallengeToken()
245  {
246  return preg_replace('/[^a-z0-9]/i', '', $this->getConfig()->getRequestParameter('stoken'));
247  }
248 
254  public function getSessionChallengeToken()
255  {
256  $sRet = preg_replace('/[^a-z0-9]/i', '', $this->getVariable('sess_stoken'));
257  if (!$sRet) {
258  $this->_initNewSessionChallenge();
259  $sRet = $this->getVariable('sess_stoken');
260  }
261 
262  return $sRet;
263  }
264 
271  public function checkSessionChallenge()
272  {
273  $sToken = $this->getSessionChallengeToken();
274 
275  return $sToken && ($sToken == $this->getRequestChallengeToken());
276  }
277 
281  protected function _initNewSessionChallenge()
282  {
283  $this->setVariable('sess_stoken', sprintf('%X', crc32(oxUtilsObject::getInstance()->generateUID())));
284  }
285 
291  protected function _sessionStart()
292  {
293  $blSetNoCache = true;
294  if ($blSetNoCache) {
295  //enforcing no caching when session is started
296  session_cache_limiter('nocache');
297 
298  //cache limiter workaround for AOL browsers
299  //as suggested at http://ilia.ws/archives/59-AOL-Browser-Woes.html
300  if (isset($_SERVER['HTTP_USER_AGENT']) &&
301  strpos($_SERVER['HTTP_USER_AGENT'], 'AOL') !== false
302  ) {
303 
304  session_cache_limiter(false);
305  header("Cache-Control: no-store, private, must-revalidate, proxy-revalidate, post-check=0, pre-check=0, max-age=0, s-maxage=0");
306  }
307  }
308 
309  // @deprecated since v5.3.0 (2016-05-24); Implement your own session handler with a module.
310  // Including database session managing class if needed.
311  if (oxRegistry::getConfig()->getConfigParam('blAdodbSessionHandler')) {
312  $oDB = oxDb::getDb();
313  include_once _DB_SESSION_HANDLER;
314  }
315  // END deprecated
316 
317  $this->_blStarted = @session_start();
318  if (!$this->getSessionChallengeToken()) {
319  $this->_initNewSessionChallenge();
320  }
321 
322  return $this->_blStarted;
323  }
324 
328  public function initNewSession()
329  {
330  // starting session only if it was not started yet
331  if (self::$_blIsNewSession) {
332  $this->_sessionStart();
333  }
334 
335  //saving persistent params if old session exists
336  $aPersistent = array();
337  foreach ($this->_aPersistentParams as $sParam) {
338  if (($sValue = $this->getVariable($sParam))) {
339  $aPersistent[$sParam] = $sValue;
340  }
341  }
342 
343  $this->_setSessionId($this->_getNewSessionId());
344 
345  //restoring persistent params to session
346  foreach ($aPersistent as $sKey => $sParam) {
347  $this->setVariable($sKey, $aPersistent[$sKey]);
348  }
349 
350  $this->_initNewSessionChallenge();
351 
352  // (re)setting actual user agent when initiating new session
353  $this->setVariable("sessionagent", oxRegistry::get("oxUtilsServer")->getServerVar('HTTP_USER_AGENT'));
354  }
355 
359  public function regenerateSessionId()
360  {
361  // starting session only if it was not started yet
362  if (self::$_blIsNewSession) {
363  $this->_sessionStart();
364 
365  // (re)setting actual user agent when initiating new session
366  $this->setVariable("sessionagent", oxRegistry::get("oxUtilsServer")->getServerVar('HTTP_USER_AGENT'));
367  }
368 
369  $this->_setSessionId($this->_getNewSessionId(false));
370  $this->_initNewSessionChallenge();
371  }
372 
381  protected function _getNewSessionId($blUnset = true)
382  {
383  // @deprecated since v5.3.0 (2016-05-24); Implement your own session handler with a module.
384  $sOldId = session_id();
385  @session_regenerate_id(!oxRegistry::getConfig()->getConfigParam('blAdodbSessionHandler'));
386  $sNewId = session_id();
387 
388  if ($blUnset) {
389  session_unset();
390  }
391 
392  if (oxRegistry::getConfig()->getConfigParam('blAdodbSessionHandler')) {
393  $oDB = oxDb::getDb();
394  $oDB->execute("UPDATE oxsessions SET SessionID = " . $oDB->quote($sNewId) . " WHERE SessionID = " . $oDB->quote($sOldId));
395  }
396  // END deprecated
397 
398  return session_id();
399  }
400 
404  public function freeze()
405  {
406  // storing basket ..
407  $this->setVariable($this->_getBasketName(), serialize($this->getBasket()));
408 
409  session_write_close();
410  }
411 
415  public function destroy()
416  {
417  //session_unset();
418  unset($_SESSION);
419  session_destroy();
420  }
421 
429  public function hasVariable($name)
430  {
431  if (defined('OXID_PHP_UNIT')) {
432  if (isset(modSession::$unitMOD) && is_object(modSession::$unitMOD)) {
433  try {
434  $sVal = modSession::getInstance()->getVar($name);
435 
436  return isset($sVal);
437  } catch (Exception $e) {
438  // if exception is thrown, use default
439  }
440  }
441  }
442 
443  return isset($_SESSION[$name]);
444  }
445 
454  public function setVariable($name, $value)
455  {
456  if (defined('OXID_PHP_UNIT')) {
457  if (isset(modSession::$unitMOD) && is_object(modSession::$unitMOD)) {
458  try {
459  return modSession::getInstance()->setVar($name, $value);
460  } catch (Exception $e) {
461  // if exception is thrown, use default
462  }
463  }
464  }
465 
466  $_SESSION[$name] = $value;
467  //logger( "set sessionvar : $name -> $value");
468  }
469 
477  public function getVariable($name)
478  {
479  if (defined('OXID_PHP_UNIT')) {
480  if (isset(modSession::$unitMOD) && is_object(modSession::$unitMOD)) {
481  try {
482  return modSession::getInstance()->getVar($name);
483  } catch (Exception $e) {
484  // if exception is thrown, use default
485  }
486  }
487  }
488 
489  if (isset($_SESSION[$name])) {
490  return $_SESSION[$name];
491  } else {
492  return null;
493  }
494  }
495 
503  public function deleteVariable($name)
504  {
505  if (defined('OXID_PHP_UNIT')) {
506  if (isset(modSession::$unitMOD) && is_object(modSession::$unitMOD)) {
507  try {
508  return modSession::getInstance()->setVar($name, null);
509  } catch (Exception $e) {
510  // if exception is thrown, use default
511  }
512  }
513  }
514 
515  $_SESSION[$name] = null;
516  //logger( "delete sessionvar : $name");
517  unset($_SESSION[$name]);
518  }
519 
529  public function sid($blForceSid = false)
530  {
531  $myConfig = $this->getConfig();
532  $blUseCookies = $this->_getSessionUseCookies();
533  $sRet = '';
534 
535  $blDisableSid = oxRegistry::getUtils()->isSearchEngine()
536  && is_array($myConfig->getConfigParam('aCacheViews'))
537  && !$this->isAdmin();
538 
539  //no cookie?
540  if (!$blDisableSid && $this->getId() && ($blForceSid || !$blUseCookies || !$this->_getCookieSid())) {
541  $sRet = ($blForceSid ? $this->getForcedName() : $this->getName()) . "=" . $this->getId();
542  }
543 
544  if ($this->isAdmin()) {
545  // admin mode always has to have token
546  if ($sRet) {
547  $sRet .= '&amp;';
548  }
549  $sRet .= 'stoken=' . $this->getSessionChallengeToken();
550  }
551 
552  return $sRet;
553  }
554 
560  public function hiddenSid()
561  {
562  $sSid = $sToken = '';
563  if ($this->isSidNeeded()) {
564  $sSid = "<input type=\"hidden\" name=\"" . $this->getForcedName() . "\" value=\"" . $this->getId() . "\" />";
565  }
566  if ($this->getId()) {
567  $sToken = "<input type=\"hidden\" name=\"stoken\" value=\"" . $this->getSessionChallengeToken() . "\" />";
568  }
569 
570  return $sToken . $sSid;
571  }
572 
578  public function getBasket()
579  {
580  if ($this->_oBasket === null) {
581  $sBasket = $this->getVariable($this->_getBasketName());
582 
583  //init oxbasketitem class first
584  //#1746
585  oxNew('oxbasketitem');
586 
587  // init oxbasket through oxNew and not oxAutoload, Mantis-Bug #0004262
588  $oEmptyBasket = oxNew('oxbasket');
589 
590  $oBasket = ($sBasket && ($oBasket = unserialize($sBasket))) ? $oBasket : null;
591 
592  if (!$oBasket || (get_class($oBasket) !== get_class($oEmptyBasket))) {
593  $oBasket = $oEmptyBasket;
594  }
595 
596  $this->_validateBasket($oBasket);
597  $this->setBasket($oBasket);
598  }
599 
600  return $this->_oBasket;
601  }
602 
610  protected function _validateBasket(oxBasket $oBasket)
611  {
612  $aCurrContent = $oBasket->getContents();
613  if (empty($aCurrContent)) {
614  return;
615  }
616 
617  $iCurrLang = oxRegistry::getLang()->getBaseLanguage();
618  foreach ($aCurrContent as $oContent) {
619  if ($oContent->getLanguageId() != $iCurrLang) {
620  $oContent->setLanguageId($iCurrLang);
621  }
622  }
623  }
624 
630  public function setBasket($oBasket)
631  {
632  // sets basket session object
633  $this->_oBasket = $oBasket;
634  }
635 
639  public function delBasket()
640  {
641  $this->setBasket(null);
642  $this->deleteVariable($this->_getBasketName());
643  }
644 
650  public function isNewSession()
651  {
652  return self::$_blIsNewSession;
653  }
654 
659  public function setForceNewSession()
660  {
661  $this->_blForceNewSession = true;
662  }
663 
671  public function isSidNeeded($sUrl = null)
672  {
673  if ($this->isAdmin()) {
674  return true;
675  }
676 
677  $oConfig = $this->getConfig();
678 
679  if (!$this->_getSessionUseCookies() || ($sUrl && $this->_getCookieSid() && !$oConfig->isCurrentProtocol($sUrl))) {
680  // switching from ssl to non ssl or vice versa?
681  return true;
682  }
683 
684  if ($sUrl && !$oConfig->isCurrentUrl($sUrl)) {
685  return true;
686  } elseif ($this->_blSidNeeded === null) {
687  // setting initial state
688  $this->_blSidNeeded = false;
689 
690  // no SIDs for search engines
691  if (!oxRegistry::getUtils()->isSearchEngine()) {
692  // cookie found - SID is not needed
693  if (oxRegistry::get("oxUtilsServer")->getOxCookie($this->getName())) {
694  $this->_blSidNeeded = false;
695  } elseif ($this->_forceSessionStart()) {
696  $this->_blSidNeeded = true;
697  } else {
698  // no cookie, so must check session
699  if ($blSidNeeded = $this->getVariable('blSidNeeded')) {
700  $this->_blSidNeeded = true;
701  } elseif ($this->_isSessionRequiredAction()) {
702 
703  if (!count($_COOKIE)) {
704  $this->_blSidNeeded = true;
705 
706  // storing to session, performance..
707  $this->setVariable('blSidNeeded', $this->_blSidNeeded);
708  }
709  }
710  }
711  }
712  }
713 
714  return $this->_blSidNeeded;
715  }
716 
724  public function isActualSidInCookie()
725  {
726  $blReturn = (isset($_COOKIE[$this->getName()]) && ($_COOKIE[$this->getName()] == $this->getId()));
727 
728  return $blReturn;
729  }
730 
742  public function processUrl($sUrl)
743  {
744  $blSid = $this->isSidNeeded($sUrl);
745 
746  if ($blSid) {
747  $sSid = $this->sid($blSid);
748 
749  if ($sSid) {
750 
751  $oStr = getStr();
752  $aUrlParts = explode('#', $sUrl);
753  if (!$oStr->preg_match('/(\?|&(amp;)?)sid=/i', $aUrlParts[0]) && (false === $oStr->strpos($aUrlParts[0], $sSid))) {
754  if (!$oStr->preg_match('/(\?|&(amp;)?)$/', $sUrl)) {
755  $aUrlParts[0] .= ($oStr->strstr($aUrlParts[0], '?') !== false ? '&amp;' : '?');
756  }
757  $aUrlParts[0] .= $sSid . '&amp;';
758  }
759  $sUrl = join('#', $aUrlParts);
760  }
761  }
762 
763  return $sUrl;
764  }
765 
775  public function getRemoteAccessToken($blGenerateNew = true)
776  {
777  $sToken = $this->getVariable('_rtoken');
778  if (!$sToken && $blGenerateNew) {
779  $sToken = md5(rand() . $this->getId());
780  $sToken = substr($sToken, 0, 8);
781  $this->setVariable('_rtoken', $sToken);
782  }
783 
784  return $sToken;
785  }
786 
793  protected function _forceSessionStart()
794  {
795  return (!oxRegistry::getUtils()->isSearchEngine()) && ((( bool ) $this->getConfig()->getConfigParam('blForceSessionStart')) || $this->getConfig()->getRequestParameter("su") || $this->_blForceNewSession);
796  }
797 
803  protected function _allowSessionStart()
804  {
805  $blAllowSessionStart = true;
806  $myConfig = $this->getConfig();
807 
808  // special handling only in non-admin mode
809  if (!$this->isAdmin()) {
810  if (oxRegistry::getUtils()->isSearchEngine() || $myConfig->getRequestParameter('skipSession')) {
811  $blAllowSessionStart = false;
812  } elseif (oxRegistry::get("oxUtilsServer")->getOxCookie('oxid_' . $myConfig->getShopId() . '_autologin') === '1') {
813  $blAllowSessionStart = true;
814  } elseif (!$this->_forceSessionStart() && !oxRegistry::get("oxUtilsServer")->getOxCookie('sid_key')) {
815 
816  // session is not needed to start when it is not necessary:
817  // - no sid in request and also user executes no session connected action
818  // - no cookie set and user executes no session connected action
819  if (!oxRegistry::get("oxUtilsServer")->getOxCookie($this->getName()) &&
820  !($myConfig->getRequestParameter($this->getName()) || $myConfig->getRequestParameter($this->getForcedName())) &&
821  !$this->_isSessionRequiredAction()
822  ) {
823  $blAllowSessionStart = false;
824  }
825  }
826  }
827 
828  return $blAllowSessionStart;
829  }
830 
838  protected function _isSwappedClient()
839  {
840  $blSwapped = false;
841  $myUtilsServer = oxRegistry::get("oxUtilsServer");
842 
843  // check only for non search engines
844  if (!oxRegistry::getUtils()->isSearchEngine() && !$myUtilsServer->isTrustedClientIp() && !$this->_isValidRemoteAccessToken()) {
845 
846  $myConfig = $this->getConfig();
847 
848  // checking if session user agent matches actual
849  $blSwapped = $this->_checkUserAgent($myUtilsServer->getServerVar('HTTP_USER_AGENT'), $this->getVariable('sessionagent'));
850  if (!$blSwapped) {
851  // @deprecated since v5.3.0 (2016-05-24); Implement your own session handler with a module.
852  if ($myConfig->getConfigParam('blAdodbSessionHandler')) {
853  $blSwapped = $this->_checkSid();
854  }
855 
856  if (!$blSwapped) {
857  $blDisableCookieCheck = $myConfig->getConfigParam('blDisableCookieCheck');
858  $blUseCookies = $this->_getSessionUseCookies();
859  if (!$blDisableCookieCheck && $blUseCookies) {
860  $blSwapped = $this->_checkCookies($myUtilsServer->getOxCookie('sid_key'), $this->getVariable("sessioncookieisset"));
861  }
862  }
863  // END deprecated
864  }
865  }
866 
867  return $blSwapped;
868  }
869 
878  protected function _checkUserAgent($sAgent, $sExistingAgent)
879  {
880  $blCheck = false;
881 
882  // processing
883  $oUtils = oxRegistry::get("oxUtilsServer");
884  $sAgent = $oUtils->processUserAgentInfo($sAgent);
885  $sExistingAgent = $oUtils->processUserAgentInfo($sExistingAgent);
886 
887  if ($sAgent && $sAgent !== $sExistingAgent) {
888  if ($sExistingAgent) {
889  $this->_sErrorMsg = "Different browser ({$sExistingAgent}, {$sAgent}), creating new SID...<br>";
890  }
891  $blCheck = true;
892  }
893 
894  return $blCheck;
895  }
896 
904  protected function _checkSid()
905  {
906  $oDb = oxDb::getDb();
907  //matze changed sesskey to SessionID because structure of oxsession changed!!
908  $sSID = $oDb->getOne("select SessionID from oxsessions where SessionID = " . $oDb->quote($this->getId()));
909 
910  //2007-05-14
911  //we check _blNewSession as well as this may be actually new session not written to db yet
912  if (!$this->_blNewSession && (!isset($sSID) || !$sSID)) {
913  // this means, that this session has expired in the past and someone uses this sid to reactivate it
914  $this->_sErrorMsg = "Session has expired in the past and someone uses this sid to reactivate it, creating new SID...<br>";
915 
916  return true;
917  }
918 
919  return false;
920  }
921 
931  protected function _checkCookies($sCookieSid, $aSessCookieSetOnce)
932  {
933  $blSwapped = false;
934  $myConfig = $this->getConfig();
935  $sCurrUrl = $myConfig->isSsl() ? $myConfig->getSslShopUrl() : $myConfig->getShopUrl();
936 
937  $blSessCookieSetOnce = false;
938  if (is_array($aSessCookieSetOnce) && isset($aSessCookieSetOnce[$sCurrUrl])) {
939  $blSessCookieSetOnce = $aSessCookieSetOnce[$sCurrUrl];
940  }
941 
942  //if cookie was there once but now is gone it means we have to reset
943  if ($blSessCookieSetOnce && !$sCookieSid) {
944  if ($myConfig->getConfigParam('iDebug')) {
945  $this->_sErrorMsg = "Cookie not found, creating new SID...<br>";
946  $this->_sErrorMsg .= "Cookie: $sCookieSid<br>";
947  $this->_sErrorMsg .= "Session: $blSessCookieSetOnce<br>";
948  $this->_sErrorMsg .= "URL: " . $sCurrUrl . "<br>";
949  }
950  $blSwapped = true;
951  }
952 
953  //if we detect the cookie then set session var for possible later use
954  if ($sCookieSid == "oxid" && !$blSessCookieSetOnce) {
955  if (!is_array($aSessCookieSetOnce)) {
956  $aSessCookieSetOnce = array();
957  }
958 
959  $aSessCookieSetOnce[$sCurrUrl] = "ox_true";
960  $this->setVariable("sessioncookieisset", $aSessCookieSetOnce);
961  }
962 
963  //if we have no cookie then try to set it
964  if (!$sCookieSid) {
965  oxRegistry::get("oxUtilsServer")->setOxCookie('sid_key', 'oxid');
966  }
967 
968  return $blSwapped;
969  }
970 
978  protected function _setSessionId($sSessId)
979  {
980  //marking this session as new one, as it might be not writen to db yet
981  if ($sSessId && session_id() != $sSessId) {
982  $this->_blNewSession = true;
983  }
984 
985  session_id($sSessId);
986 
987  $this->setId($sSessId);
988 
989  $blUseCookies = $this->_getSessionUseCookies();
990 
991  if (!$this->_allowSessionStart()) {
992  if ($blUseCookies) {
993  oxRegistry::get("oxUtilsServer")->setOxCookie($this->getName(), null);
994  }
995 
996  return;
997  }
998 
999  if ($blUseCookies) {
1000  //setting session cookie
1001  oxRegistry::get("oxUtilsServer")->setOxCookie($this->getName(), $sSessId);
1002  }
1003  }
1004 
1010  protected function _getBasketName()
1011  {
1012  $myConfig = $this->getConfig();
1013  if ($myConfig->getConfigParam('blMallSharedBasket') == 0) {
1014  return $myConfig->getShopId() . "_basket";
1015  }
1016 
1017  return "basket";
1018  }
1019 
1025  protected function _getCookieSid()
1026  {
1027  return oxRegistry::get("oxUtilsServer")->getOxCookie($this->getName());
1028  }
1029 
1036  protected function _getRequireSessionWithParams()
1037  {
1038  $aCfgArray = $this->getConfig()->getConfigParam('aRequireSessionWithParams');
1039  if (is_array($aCfgArray)) {
1041  foreach ($aCfgArray as $key => $val) {
1042  if (!is_array($val) && $val) {
1043  unset($aDefault[$key]);
1044  }
1045  }
1046 
1047  return array_merge_recursive($aCfgArray, $aDefault);
1048  }
1049 
1051  }
1052 
1058  protected function _isSessionRequiredAction()
1059  {
1060  foreach ($this->_getRequireSessionWithParams() as $sParam => $aValues) {
1061  $sValue = $this->getConfig()->getRequestParameter($sParam);
1062  if (isset($sValue)) {
1063  if (is_array($aValues)) {
1064  if (isset($aValues[$sValue]) && $aValues[$sValue]) {
1065  return true;
1066  }
1067  } elseif ($aValues) {
1068  return true;
1069  }
1070  }
1071  }
1072 
1073  return (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST');
1074  }
1075 
1081  protected function _getSessionUseCookies()
1082  {
1083  return $this->isAdmin() || $this->getConfig()->getConfigParam('blSessionUseCookies');
1084  }
1085 
1091  protected function _isValidRemoteAccessToken()
1092  {
1093  $sInputToken = $this->getConfig()->getRequestParameter('rtoken');
1094  $sToken = $this->getRemoteAccessToken(false);
1095  $blValid = !empty($sInputToken) ? ($sToken === $sInputToken) : false;
1096 
1097  return $blValid;
1098  }
1099 
1105  public function getBasketReservations()
1106  {
1107  if (!$this->_oBasketReservations) {
1108  $this->_oBasketReservations = oxNew('oxBasketReservation');
1109  }
1110 
1112  }
1113 
1119  public function isHeaderSent()
1120  {
1121  return headers_sent();
1122  }
1123 
1129  public function isSessionStarted()
1130  {
1131  return $this->_blStarted;
1132  }
1133 
1134 }