<?php
// src/Session.php
declare(strict_types=1);
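/**
 * Thin static wrapper around PHP's native session and a per-session CSRF token.
 *
 * All state lives in $_SESSION; nothing here is instantiated. Callers are
 * expected to invoke start() (directly or via csrfToken()/validateCsrf())
 * before set()/get()/remove() so that writes are actually persisted —
 * set()/get()/remove() deliberately do not start a session themselves.
 */
class Session
{
    /** Session key under which the CSRF token is stored. */
    private const CSRF_KEY = '_csrf_token';

    /**
     * Start the session once, with hardened cookie attributes.
     *
     * Idempotent: does nothing when a session is already active.
     * The cookie is a browser-session cookie (lifetime 0), HttpOnly,
     * SameSite=Lax, and marked Secure whenever the request itself was
     * served over TLS.
     */
    public static function start(): void
    {
        if (session_status() === PHP_SESSION_ACTIVE) {
            return;
        }

        // $_SERVER['HTTPS'] is non-empty on TLS requests, but some servers
        // (e.g. IIS) set it to "off" for plain HTTP, so isset() alone is not
        // a reliable signal. NOTE(review): behind a TLS-terminating proxy this
        // variable may be absent; the deployment has to surface the scheme.
        $https = $_SERVER['HTTPS'] ?? '';
        $isTls = $https !== '' && strcasecmp($https, 'off') !== 0;

        // Slightly hardened session cookie settings.
        session_set_cookie_params([
            'lifetime' => 0,
            'path' => '/',
            'secure' => $isTls,
            'httponly' => true,
            'samesite' => 'Lax',
        ]);
        session_start();
    }

    /**
     * Replace the session ID (e.g. after login) and discard the old one.
     *
     * No-op when no session is active.
     */
    public static function regenerate(): void
    {
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
    }

    /**
     * Store a value in the session.
     *
     * @param string $key   session key
     * @param mixed  $value value to store (must be serialisable by the session handler)
     */
    public static function set(string $key, mixed $value): void
    {
        $_SESSION[$key] = $value;
    }

    /**
     * Read a value from the session.
     *
     * @param string $key     session key
     * @param mixed  $default returned when the key is absent or holds null
     */
    public static function get(string $key, mixed $default = null): mixed
    {
        return $_SESSION[$key] ?? $default;
    }

    /**
     * Remove a single key from the session; silently ignores unknown keys.
     */
    public static function remove(string $key): void
    {
        unset($_SESSION[$key]);
    }

    /**
     * Clear all session data, expire the session cookie and destroy the session.
     *
     * No-op when no session is active. The expiry cookie is sent with the same
     * attributes (including SameSite) the live cookie was set with, so the
     * browser actually matches and drops it.
     */
    public static function destroy(): void
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            return;
        }

        $_SESSION = [];

        if (ini_get('session.use_cookies')) {
            $params = session_get_cookie_params();
            setcookie(session_name(), '', [
                'expires' => time() - 42000,
                'path' => $params['path'],
                'domain' => $params['domain'],
                'secure' => $params['secure'],
                'httponly' => $params['httponly'],
                'samesite' => $params['samesite'],
            ]);
        }

        session_destroy();
    }

    /**
     * Return the session's CSRF token, generating one (32 random bytes, hex) on first use.
     *
     * Starts the session if needed.
     */
    public static function csrfToken(): string
    {
        self::start();

        if (!isset($_SESSION[self::CSRF_KEY])) {
            $_SESSION[self::CSRF_KEY] = bin2hex(random_bytes(32));
        }

        return $_SESSION[self::CSRF_KEY];
    }

    /**
     * Check a submitted CSRF token against the one stored in the session.
     *
     * Uses a constant-time comparison. A successful check consumes the token,
     * so the next csrfToken() call issues a fresh one (single-use tokens).
     *
     * @param string|null $token the value submitted with the request
     * @return bool true only when a stored token exists and matches exactly
     */
    public static function validateCsrf(?string $token): bool
    {
        self::start();

        $stored = $_SESSION[self::CSRF_KEY] ?? null;

        // Compare on null/empty explicitly rather than with "!$token":
        // a literal "0" is falsy in PHP and would be rejected before
        // comparison. Also refuse a non-string stored value so hash_equals()
        // cannot throw a TypeError under strict_types.
        if (!is_string($stored) || $token === null || $token === '') {
            return false;
        }

        $valid = hash_equals($stored, $token);

        if ($valid) {
            // Rotate the token after use.
            unset($_SESSION[self::CSRF_KEY]);
        }

        return $valid;
    }
}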