session_api.module in Session API 6

<?php

/**
 * @file
 * The Session API module provides a quick interface for storing
 * information in the session.
 */

/**
 * Determine if cookies are enabled.
 */
function session_api_available() {
  return !empty($_COOKIE);
}

/**
 * Create an empty string cookie. This is useful for fooling the
 * session_api_available() function when using Pressflow, which does not set
 * a cookie for anonymous users.
 */
function session_api_start_session() {
  if (!isset($_COOKIE['session_api_session'])) {
    $_COOKIE['session_api_session'] = '';
  }
}

/**
 * Return a Session API ID corresponding to the current session.
 * The session id is a created using the same method as Drupal 7 core
 * as defined in includes/session.inc.
 * @param boolean create set this to FALSE if you don't want to create a session
 * cookie if it doesn't already exist.
 */
function session_api_get_sid($create = TRUE) {
  static $sid;
  if (!session_api_available()) {
    return FALSE;
  }
  if (!isset($sid) || !$sid) {
    $sid = FALSE;

    // First, check if we already have an active session.
    if (isset($_COOKIE['session_api_session']) && $_COOKIE['session_api_session']) {
      $session_id = $_COOKIE['session_api_session'];
      $sid = db_result(db_query("SELECT sid FROM {session_api} WHERE session_id = '%s'", array(
        ':session_id' => $session_id,
      )));
    }
    else {
      if (!$create) {

        // Return a negative value here, since it won't collide with any
        // session_api IDs.
        return -1;
      }
      else {
        $data = uniqid(mt_rand(), true);
        $hash = base64_encode(hash('sha256', $data, TRUE));
        $hash = strtr($hash, array(
          '+' => '-',
          '/' => '_',
          '=' => '',
        ));
        $session_id = $hash;
      }
    }

    // For the cookie we use the same domain that Drupal's own session cookie uses.
    $cookie_domain = ini_get('session.cookie_domain');

    // Update the session timeout.
    if ($sid) {
      $rec = new stdClass();
      $rec->sid = $sid;
      $rec->session_id = $session_id;
      drupal_write_record('session_api', $rec, 'sid');
      setcookie('session_api_session', $session_id, time() + variable_get('session_api_cookie_expire_time', 2592000), '/', $cookie_domain);
    }
    else {
      $rec = new stdClass();
      $rec->session_id = $session_id;
      drupal_write_record('session_api', $rec);
      $sid = $rec->sid;

      // Set cookie.
      setcookie('session_api_session', $session_id, time() + variable_get('session_api_cookie_expire_time', 2592000), '/', $cookie_domain);
    }
  }
  return $sid;
}

/**
 * Implementation of hook_menu().
 */
function session_api_menu() {
  $items['admin/settings/session-api'] = array(
    'title' => t('Session API Configuration'),
    'description' => t('Configure Session API behavior'),
    'access arguments' => array(
      'administer site configuration',
    ),
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'session_api_settings_form',
    ),
    'file' => 'session_api.admin.inc',
  );
  return $items;
}

/**
 * Implementation of hook_cron().
 */
function session_api_cron() {

  // Fetch list of outdated sids.
  $result = db_query("SELECT sap.sid FROM {session_api} sap LEFT JOIN {sessions} s ON (sap.session_id = s.sid) WHERE s.sid IS NULL");
  $outdated_sids = array();
  while ($session = db_fetch_object($result)) {
    $outdated_sids[] = $session->sid;
  }
  if (!empty($outdated_sids)) {
    module_invoke_all('session_api_cleanup', $outdated_sids);
    db_query('DELETE FROM {session_api} WHERE sid IN (' . db_placeholders($outdated_sids, 'varchar') . ')');
  }
}

/**
 * Implementation of hook_simpletest().
 */
function session_api_simpletest() {
  $module_name = 'session_api';
  $dir = drupal_get_path('module', $module_name) . '/tests';
  $tests = file_scan_directory($dir, '\\.test$');
  return array_keys($tests);
}