You are here

fb_session.inc in Drupal for Facebook 6.3

This file is a replacement for Drupal's session.inc. Although not truly a replacement, as we include the default session.inc to do the heavy lifting.

In this file we handle some special cases for iframe canvas pages by faking cookies in cases where browsers do not accept them. We do this here because we must set session_id early in the bootstrap process, and Drupal gives us no way to easily do that.

File

fb_session.inc
View source
<?php

/**
 * @file
 * This file is a replacement for Drupal's session.inc.  Although not
 * truly a replacement, as we include the default session.inc to do the heavy
 * lifting.
 *
 * In this file we handle some special cases for iframe canvas pages by faking
 * cookies in cases where browsers do not accept them.  We do this here
 * because we must set session_id early in the bootstrap process, and Drupal
 * gives us no way to easily do that.
 */

// Default session handler functions.
require 'includes/session.inc';

// When Drupal's bootstrap includes this file, we have a chance to spoof a
// session cookie.
if (isset($_COOKIE[session_name()])) {

  // Forget anything we thought we knew about session.
  fb_settings(FB_SETTINGS_CB_SESSION, FALSE);
}
elseif (fb_settings(FB_SETTINGS_TYPE) && fb_settings(FB_SETTINGS_TYPE) != 'connect') {
  $session_id = NULL;
  if ($token = fb_settings(FB_SETTINGS_TOKEN)) {

    // Learned token from signed_request or session.
    $session_id = md5($token);
    fb_settings(FB_SETTINGS_CB_SESSION, FALSE);
  }
  elseif (isset($_REQUEST['signed_request']) || isset($_REQUEST['session'])) {

    // Signed request, but no token means not logged in.
    // Parse session from URL.
    if ($session_id === NULL && function_exists('_fb_settings_parse')) {
      $session_id = _fb_settings_parse(FB_SETTINGS_CB_SESSION);
    }
    if (!$session_id) {

      // Generating an id and embedding in the URL will make a session where there would otherwise be none.
      $session_id = uniqid(mt_rand(), TRUE);

      // Embed session in URL.
      fb_settings(FB_SETTINGS_CB_SESSION, $session_id);
    }
  }

  // Spoof a cookie so Drupal's session.inc works as expected.
  if ($session_id) {
    session_id($session_id);
    $_COOKIE[session_name()] = session_id();
    $_COOKIE['_fb_session_cookie_fake'] = TRUE;
    $GLOBALS['_fb_session_id'] = $session_id;
  }
}

/**
 * When spoofing cookies, sess_regenerate causes problems when it changes the
 * session id.  Here we undo that change.  Called from fb_user.module.
 */
function fb_sess_regenerate_hack() {
  if (isset($GLOBALS['_fb_session_id'])) {
    $session_id = $GLOBALS['_fb_session_id'];
    db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", $session_id, session_id());
    session_id($session_id);
  }
}

Functions

Namesort descending Description
fb_sess_regenerate_hack When spoofing cookies, sess_regenerate causes problems when it changes the session id. Here we undo that change. Called from fb_user.module.