You are here

class MetadataBag in Drupal 9

Same name and namespace in other branches
  1. 8 core/lib/Drupal/Core/Session/MetadataBag.php \Drupal\Core\Session\MetadataBag

Provides a container for application specific session metadata.

Hierarchy

  • class \Drupal\Core\Session\MetadataBag extends \Symfony\Component\HttpFoundation\Session\Storage\MetadataBag

Expanded class hierarchy of MetadataBag

3 files declare their use of MetadataBag
CsrfTokenGenerator.php in core/lib/Drupal/Core/Access/CsrfTokenGenerator.php
MetadataBagTest.php in core/tests/Drupal/Tests/Core/Session/MetadataBagTest.php
SessionManagerTest.php in core/tests/Drupal/Tests/Core/Session/SessionManagerTest.php
1 string reference to 'MetadataBag'
core.services.yml in core/core.services.yml
core/core.services.yml
1 service uses MetadataBag
session_manager.metadata_bag in core/core.services.yml
Drupal\Core\Session\MetadataBag

File

core/lib/Drupal/Core/Session/MetadataBag.php, line 12

Namespace

Drupal\Core\Session
View source
class MetadataBag extends SymfonyMetadataBag {

  /**
   * The key used to store the CSRF token seed in the session.
   */
  const CSRF_TOKEN_SEED = 's';

  /**
   * Constructs a new metadata bag instance.
   *
   * @param \Drupal\Core\Site\Settings $settings
   *   The settings instance.
   */
  public function __construct(Settings $settings) {
    $update_threshold = $settings
      ->get('session_write_interval', 180);
    parent::__construct('_sf2_meta', $update_threshold);
  }

  /**
   * Set the CSRF token seed.
   *
   * @param string $csrf_token_seed
   *   The per-session CSRF token seed.
   */
  public function setCsrfTokenSeed($csrf_token_seed) {
    $this->meta[static::CSRF_TOKEN_SEED] = $csrf_token_seed;
  }

  /**
   * Get the CSRF token seed.
   *
   * @return string|null
   *   The per-session CSRF token seed or null when no value is set.
   */
  public function getCsrfTokenSeed() {
    if (isset($this->meta[static::CSRF_TOKEN_SEED])) {
      return $this->meta[static::CSRF_TOKEN_SEED];
    }
  }

  /**
   * {@inheritdoc}
   */
  public function stampNew($lifetime = NULL) {
    parent::stampNew($lifetime);

    // Set the token seed immediately to avoid a race condition between two
    // simultaneous requests without a seed.
    $this
      ->setCsrfTokenSeed(Crypt::randomBytesBase64());
  }

  /**
   * Clear the CSRF token seed.
   */
  public function clearCsrfTokenSeed() {
    @trigger_error('Calling ' . __METHOD__ . '() is deprecated in drupal:9.2.0 and will be removed in drupal:10.0.0. Use \\Drupal\\Core\\Session\\MetadataBag::stampNew() instead. See https://www.drupal.org/node/3187914', E_USER_DEPRECATED);
    unset($this->meta[static::CSRF_TOKEN_SEED]);
  }

}

Members

Namesort descending Modifiers Type Description Overrides
MetadataBag::clearCsrfTokenSeed public function Clear the CSRF token seed.
MetadataBag::CSRF_TOKEN_SEED constant The key used to store the CSRF token seed in the session.
MetadataBag::getCsrfTokenSeed public function Get the CSRF token seed.
MetadataBag::setCsrfTokenSeed public function Set the CSRF token seed.
MetadataBag::stampNew public function
MetadataBag::__construct public function Constructs a new metadata bag instance.