Edit File by line
/home/zeestwma/richards.../wp-conte.../plugins/woocomme.../includes
File: class-wc-session-handler.php
<?php // phpcs:ignore Generic.PHP.RequireStrictTypes.MissingDeclaration
[0] Fix | Delete
/**
[1] Fix | Delete
* Handle data for the current customers session.
[2] Fix | Delete
* Implements the WC_Session abstract class.
[3] Fix | Delete
*
[4] Fix | Delete
* From 2.5 this uses a custom table for session storage. Based on https://github.com/kloon/woocommerce-large-sessions.
[5] Fix | Delete
*
[6] Fix | Delete
* @class WC_Session_Handler
[7] Fix | Delete
* @package WooCommerce\Classes
[8] Fix | Delete
* @internal "Missing required strict_types declaration" rule has been ignored to prevent errors with `StringUtil::starts_with` when used on a nonce action which could be -1 rather than a string.
[9] Fix | Delete
*/
[10] Fix | Delete
[11] Fix | Delete
use Automattic\Jetpack\Constants;
[12] Fix | Delete
use Automattic\WooCommerce\Utilities\StringUtil;
[13] Fix | Delete
use Automattic\WooCommerce\StoreApi\Utilities\CartTokenUtils;
[14] Fix | Delete
[15] Fix | Delete
defined( 'ABSPATH' ) || exit;
[16] Fix | Delete
[17] Fix | Delete
/**
[18] Fix | Delete
* Session handler class.
[19] Fix | Delete
*/
[20] Fix | Delete
class WC_Session_Handler extends WC_Session {
[21] Fix | Delete
[22] Fix | Delete
/**
[23] Fix | Delete
* Cookie name used for the session.
[24] Fix | Delete
*
[25] Fix | Delete
* @var string cookie name
[26] Fix | Delete
*/
[27] Fix | Delete
protected $_cookie; // phpcs:ignore PSR2.Classes.PropertyDeclaration.Underscore
[28] Fix | Delete
[29] Fix | Delete
/**
[30] Fix | Delete
* Stores session expiry.
[31] Fix | Delete
*
[32] Fix | Delete
* @var string session due to expire timestamp
[33] Fix | Delete
*/
[34] Fix | Delete
protected $_session_expiring; // phpcs:ignore PSR2.Classes.PropertyDeclaration.Underscore
[35] Fix | Delete
[36] Fix | Delete
/**
[37] Fix | Delete
* Stores session due to expire timestamp.
[38] Fix | Delete
*
[39] Fix | Delete
* @var string session expiration timestamp
[40] Fix | Delete
*/
[41] Fix | Delete
protected $_session_expiration; // phpcs:ignore PSR2.Classes.PropertyDeclaration.Underscore
[42] Fix | Delete
[43] Fix | Delete
/**
[44] Fix | Delete
* True when the cookie exists.
[45] Fix | Delete
*
[46] Fix | Delete
* @var bool Based on whether a cookie exists.
[47] Fix | Delete
*/
[48] Fix | Delete
protected $_has_cookie = false; // phpcs:ignore PSR2.Classes.PropertyDeclaration.Underscore
[49] Fix | Delete
[50] Fix | Delete
/**
[51] Fix | Delete
* Table name for session data.
[52] Fix | Delete
*
[53] Fix | Delete
* @var string Custom session table name
[54] Fix | Delete
*/
[55] Fix | Delete
protected $_table; // phpcs:ignore PSR2.Classes.PropertyDeclaration.Underscore
[56] Fix | Delete
[57] Fix | Delete
/**
[58] Fix | Delete
* Constructor for the session class.
[59] Fix | Delete
*/
[60] Fix | Delete
public function __construct() {
[61] Fix | Delete
/**
[62] Fix | Delete
* Filter the cookie name.
[63] Fix | Delete
*
[64] Fix | Delete
* @since 3.6.0
[65] Fix | Delete
*
[66] Fix | Delete
* @param string $cookie Cookie name.
[67] Fix | Delete
*/
[68] Fix | Delete
$this->_cookie = apply_filters( 'woocommerce_cookie', 'wp_woocommerce_session_' . COOKIEHASH );
[69] Fix | Delete
$this->_table = $GLOBALS['wpdb']->prefix . 'woocommerce_sessions';
[70] Fix | Delete
$this->set_session_expiration();
[71] Fix | Delete
}
[72] Fix | Delete
[73] Fix | Delete
/**
[74] Fix | Delete
* Init hooks and session data.
[75] Fix | Delete
*
[76] Fix | Delete
* @since 3.3.0
[77] Fix | Delete
*/
[78] Fix | Delete
public function init() {
[79] Fix | Delete
$this->init_hooks();
[80] Fix | Delete
$this->init_session();
[81] Fix | Delete
}
[82] Fix | Delete
[83] Fix | Delete
/**
[84] Fix | Delete
* Initialize the hooks.
[85] Fix | Delete
*/
[86] Fix | Delete
protected function init_hooks() {
[87] Fix | Delete
add_action( 'woocommerce_set_cart_cookies', array( $this, 'set_customer_session_cookie' ), 10 );
[88] Fix | Delete
add_action( 'wp', array( $this, 'maybe_set_customer_session_cookie' ), 99 );
[89] Fix | Delete
add_action( 'shutdown', array( $this, 'save_data' ), 20 );
[90] Fix | Delete
add_action( 'wp_logout', array( $this, 'destroy_session' ) );
[91] Fix | Delete
[92] Fix | Delete
if ( ! is_user_logged_in() ) {
[93] Fix | Delete
add_filter( 'nonce_user_logged_out', array( $this, 'maybe_update_nonce_user_logged_out' ), 10, 2 );
[94] Fix | Delete
}
[95] Fix | Delete
}
[96] Fix | Delete
[97] Fix | Delete
/**
[98] Fix | Delete
* Initialize the session from either the request or the cookie.
[99] Fix | Delete
*/
[100] Fix | Delete
private function init_session() {
[101] Fix | Delete
if ( ! $this->init_session_from_request() ) {
[102] Fix | Delete
$this->init_session_cookie();
[103] Fix | Delete
}
[104] Fix | Delete
}
[105] Fix | Delete
[106] Fix | Delete
/**
[107] Fix | Delete
* Initialize the session from the query string parameter.
[108] Fix | Delete
*
[109] Fix | Delete
* If the current user is logged in, the token session will replace the current user's session.
[110] Fix | Delete
* If the current user is logged out, the token session will be cloned to a new session.
[111] Fix | Delete
*
[112] Fix | Delete
* Only guest sessions are restored, hence the check for the t_ prefix on the customer ID.
[113] Fix | Delete
*
[114] Fix | Delete
* @return bool
[115] Fix | Delete
*/
[116] Fix | Delete
private function init_session_from_request() {
[117] Fix | Delete
$session_token = wc_clean( wp_unslash( $_GET['session'] ?? '' ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
[118] Fix | Delete
[119] Fix | Delete
if ( empty( $session_token ) || ! CartTokenUtils::validate_cart_token( $session_token ) ) {
[120] Fix | Delete
return false;
[121] Fix | Delete
}
[122] Fix | Delete
[123] Fix | Delete
$payload = CartTokenUtils::get_cart_token_payload( $session_token );
[124] Fix | Delete
[125] Fix | Delete
if ( ! $this->is_customer_guest( $payload['user_id'] ) || ! $this->session_exists( $payload['user_id'] ) ) {
[126] Fix | Delete
return false;
[127] Fix | Delete
}
[128] Fix | Delete
[129] Fix | Delete
// Check to see if the current user has a session before proceeding with token handling.
[130] Fix | Delete
$cookie = $this->get_session_cookie();
[131] Fix | Delete
[132] Fix | Delete
if ( $cookie ) {
[133] Fix | Delete
// User owns this token. Return and use cookie session.
[134] Fix | Delete
if ( $cookie[0] === $payload['user_id'] ) {
[135] Fix | Delete
return false;
[136] Fix | Delete
}
[137] Fix | Delete
[138] Fix | Delete
$cookie_session_data = $this->get_session( $cookie[0] );
[139] Fix | Delete
[140] Fix | Delete
// Cookie session was originally created via this token. Return and use cookie session to prevent creating a new clone.
[141] Fix | Delete
if ( isset( $cookie_session_data['previous_customer_id'] ) && $cookie_session_data['previous_customer_id'] === $payload['user_id'] ) {
[142] Fix | Delete
return false;
[143] Fix | Delete
}
[144] Fix | Delete
}
[145] Fix | Delete
[146] Fix | Delete
// Generate new customer ID for the new session before cloning the data.
[147] Fix | Delete
$this->_customer_id = $this->generate_customer_id();
[148] Fix | Delete
$this->set_customer_session_cookie( true );
[149] Fix | Delete
$this->clone_session_data( $payload['user_id'] );
[150] Fix | Delete
[151] Fix | Delete
return true;
[152] Fix | Delete
}
[153] Fix | Delete
[154] Fix | Delete
/**
[155] Fix | Delete
* Setup cookie and customer ID.
[156] Fix | Delete
*
[157] Fix | Delete
* @since 3.6.0
[158] Fix | Delete
*/
[159] Fix | Delete
public function init_session_cookie() {
[160] Fix | Delete
$cookie = $this->get_session_cookie();
[161] Fix | Delete
[162] Fix | Delete
if ( ! $cookie ) {
[163] Fix | Delete
// If there is no cookie, generate a new session/customer ID.
[164] Fix | Delete
$this->_customer_id = $this->generate_customer_id();
[165] Fix | Delete
$this->_data = $this->get_session_data();
[166] Fix | Delete
return;
[167] Fix | Delete
}
[168] Fix | Delete
[169] Fix | Delete
// Customer ID will be an MD5 hash id this is a guest session.
[170] Fix | Delete
$this->_customer_id = $cookie[0];
[171] Fix | Delete
$this->_session_expiration = $cookie[1];
[172] Fix | Delete
$this->_session_expiring = $cookie[2];
[173] Fix | Delete
$this->_has_cookie = true;
[174] Fix | Delete
[175] Fix | Delete
$this->restore_session_data();
[176] Fix | Delete
[177] Fix | Delete
/**
[178] Fix | Delete
* This clears the session if the cookie is invalid.
[179] Fix | Delete
*
[180] Fix | Delete
* Previously this also cleared the session when $this->_data was empty, and the cart was not yet initialised,
[181] Fix | Delete
* however this caused a conflict with WooCommerce Payments session handler which overrides this class.
[182] Fix | Delete
*
[183] Fix | Delete
* Ref: https://github.com/woocommerce/woocommerce/pull/57652
[184] Fix | Delete
* See also: https://github.com/woocommerce/woocommerce/pull/59530
[185] Fix | Delete
*/
[186] Fix | Delete
if ( ! $this->is_session_cookie_valid() ) {
[187] Fix | Delete
$this->destroy_session();
[188] Fix | Delete
}
[189] Fix | Delete
[190] Fix | Delete
// If the user logs in, update session.
[191] Fix | Delete
if ( is_user_logged_in() && strval( get_current_user_id() ) !== $this->_customer_id ) {
[192] Fix | Delete
$this->migrate_guest_session_to_user_session( get_current_user_id() );
[193] Fix | Delete
}
[194] Fix | Delete
[195] Fix | Delete
// Update session if its close to expiring.
[196] Fix | Delete
if ( $this->is_session_expiring() ) {
[197] Fix | Delete
$this->set_session_expiration();
[198] Fix | Delete
$this->update_session_timestamp( $this->_customer_id, $this->_session_expiration );
[199] Fix | Delete
}
[200] Fix | Delete
}
[201] Fix | Delete
[202] Fix | Delete
/**
[203] Fix | Delete
* Clones a session to the current session. Exclude customer details for privacy reasons.
[204] Fix | Delete
*
[205] Fix | Delete
* @param string $clone_from_customer_id The customer ID to clone from.
[206] Fix | Delete
*/
[207] Fix | Delete
private function clone_session_data( string $clone_from_customer_id ) {
[208] Fix | Delete
$session_data = $this->get_session( $clone_from_customer_id, array() );
[209] Fix | Delete
$session_data['previous_customer_id'] = $clone_from_customer_id;
[210] Fix | Delete
$session_data = array_diff_key( $session_data, array( 'customer' => true ) );
[211] Fix | Delete
$this->_data = $session_data;
[212] Fix | Delete
$this->_dirty = true;
[213] Fix | Delete
$this->save_data();
[214] Fix | Delete
}
[215] Fix | Delete
[216] Fix | Delete
/**
[217] Fix | Delete
* Migrates a guest session to a user session.
[218] Fix | Delete
*/
[219] Fix | Delete
private function migrate_guest_session_to_user_session() {
[220] Fix | Delete
$guest_session_id = $this->_customer_id;
[221] Fix | Delete
$user_session_id = (string) get_current_user_id();
[222] Fix | Delete
[223] Fix | Delete
$this->_data = $this->get_session( $guest_session_id, array() );
[224] Fix | Delete
$this->_dirty = true;
[225] Fix | Delete
$this->_customer_id = $user_session_id;
[226] Fix | Delete
$this->save_data( $guest_session_id );
[227] Fix | Delete
[228] Fix | Delete
/**
[229] Fix | Delete
* Fires after a customer has logged in, and their guest session id has been
[230] Fix | Delete
* deleted with its data migrated to a customer id.
[231] Fix | Delete
*
[232] Fix | Delete
* This hook gives extensions the chance to connect the old session id to the
[233] Fix | Delete
* customer id, if the key is being used externally.
[234] Fix | Delete
*
[235] Fix | Delete
* @since 8.8.0
[236] Fix | Delete
*
[237] Fix | Delete
* @param string $guest_session_id The former session ID, as generated by `::generate_customer_id()`.
[238] Fix | Delete
* @param string $user_session_id The Customer ID that the former session was converted to.
[239] Fix | Delete
*/
[240] Fix | Delete
do_action( 'woocommerce_guest_session_to_user_id', $guest_session_id, $this->_customer_id );
[241] Fix | Delete
}
[242] Fix | Delete
[243] Fix | Delete
/**
[244] Fix | Delete
* Restore the session data from the database.
[245] Fix | Delete
*
[246] Fix | Delete
* @since 10.0.0
[247] Fix | Delete
*/
[248] Fix | Delete
private function restore_session_data() {
[249] Fix | Delete
$session_data = $this->get_session_data();
[250] Fix | Delete
[251] Fix | Delete
/**
[252] Fix | Delete
* Filters the session data when restoring from storage during initialization.
[253] Fix | Delete
*
[254] Fix | Delete
* This filter allows you to:
[255] Fix | Delete
* 1. Modify the session data before it's loaded, including adding or removing specific session data entries
[256] Fix | Delete
* 2. Clear the entire session by returning an empty array
[257] Fix | Delete
*
[258] Fix | Delete
* Note: If the filtered data is empty, the session will be destroyed and the
[259] Fix | Delete
* guest's session cookie will be removed. This can be useful for high-traffic
[260] Fix | Delete
* sites that prioritize page caching over maintaining all session data.
[261] Fix | Delete
*
[262] Fix | Delete
* @since 9.9.0
[263] Fix | Delete
*
[264] Fix | Delete
* @param array $session_data The session data loaded from storage.
[265] Fix | Delete
* @return array Modified session data to be used for initialization.
[266] Fix | Delete
*/
[267] Fix | Delete
$this->_data = apply_filters( 'woocommerce_restored_session_data', $session_data );
[268] Fix | Delete
}
[269] Fix | Delete
[270] Fix | Delete
/**
[271] Fix | Delete
* Checks if session cookie is expired, or belongs to a logged out user.
[272] Fix | Delete
*
[273] Fix | Delete
* @return bool Whether session cookie is valid.
[274] Fix | Delete
*/
[275] Fix | Delete
private function is_session_cookie_valid() {
[276] Fix | Delete
// If session is expired, session cookie is invalid.
[277] Fix | Delete
if ( time() > $this->_session_expiration ) {
[278] Fix | Delete
return false;
[279] Fix | Delete
}
[280] Fix | Delete
[281] Fix | Delete
// If user has logged out, session cookie is invalid.
[282] Fix | Delete
if ( ! is_user_logged_in() && ! $this->is_customer_guest( $this->_customer_id ) ) {
[283] Fix | Delete
return false;
[284] Fix | Delete
}
[285] Fix | Delete
[286] Fix | Delete
// Session from a different user is not valid. (Although from a guest user will be valid).
[287] Fix | Delete
if ( is_user_logged_in() && ! $this->is_customer_guest( $this->_customer_id ) && strval( get_current_user_id() ) !== $this->_customer_id ) {
[288] Fix | Delete
return false;
[289] Fix | Delete
}
[290] Fix | Delete
[291] Fix | Delete
return true;
[292] Fix | Delete
}
[293] Fix | Delete
[294] Fix | Delete
/**
[295] Fix | Delete
* Hooks into the wp action to maybe set the session cookie if the user is on a certain page e.g. a checkout endpoint.
[296] Fix | Delete
*
[297] Fix | Delete
* Certain gateways may rely on sessions and this ensures a session is present even if the customer does not have a
[298] Fix | Delete
* cart.
[299] Fix | Delete
*/
[300] Fix | Delete
public function maybe_set_customer_session_cookie() {
[301] Fix | Delete
if ( is_wc_endpoint_url( 'order-pay' ) ) {
[302] Fix | Delete
$this->set_customer_session_cookie( true );
[303] Fix | Delete
}
[304] Fix | Delete
}
[305] Fix | Delete
[306] Fix | Delete
/**
[307] Fix | Delete
* Hash a value using wp_fast_hash (from WP 6.8 onwards).
[308] Fix | Delete
*
[309] Fix | Delete
* This method can be removed when the minimum version supported is 6.8.
[310] Fix | Delete
*
[311] Fix | Delete
* @param string $message Value to hash.
[312] Fix | Delete
* @return string Hashed value.
[313] Fix | Delete
*/
[314] Fix | Delete
private function hash( $message ) {
[315] Fix | Delete
if ( function_exists( 'wp_fast_hash' ) ) {
[316] Fix | Delete
return wp_fast_hash( $message );
[317] Fix | Delete
}
[318] Fix | Delete
return hash_hmac( 'md5', $message, wp_hash( $message ) );
[319] Fix | Delete
}
[320] Fix | Delete
[321] Fix | Delete
/**
[322] Fix | Delete
* Verify a hash using wp_verify_fast_hash (from WP 6.8 onwards).
[323] Fix | Delete
*
[324] Fix | Delete
* This method can be removed when the minimum version supported is 6.8.
[325] Fix | Delete
*
[326] Fix | Delete
* @param string $message Message to verify.
[327] Fix | Delete
* @param string $hash Hash to verify.
[328] Fix | Delete
* @return bool Whether the hash is valid.
[329] Fix | Delete
*/
[330] Fix | Delete
private function verify_hash( $message, $hash ) {
[331] Fix | Delete
if ( function_exists( 'wp_verify_fast_hash' ) ) {
[332] Fix | Delete
return wp_verify_fast_hash( $message, $hash );
[333] Fix | Delete
}
[334] Fix | Delete
return hash_equals( hash_hmac( 'md5', $message, wp_hash( $message ) ), $hash );
[335] Fix | Delete
}
[336] Fix | Delete
[337] Fix | Delete
/**
[338] Fix | Delete
* Sets the session cookie on-demand (usually after adding an item to the cart).
[339] Fix | Delete
*
[340] Fix | Delete
* Since the cookie name (as of 2.1) is prepended with wp, cache systems like batcache will not cache pages when set.
[341] Fix | Delete
*
[342] Fix | Delete
* Warning: Cookies will only be set if this is called before the headers are sent.
[343] Fix | Delete
*
[344] Fix | Delete
* @param bool $set Should the session cookie be set.
[345] Fix | Delete
*/
[346] Fix | Delete
public function set_customer_session_cookie( $set ) {
[347] Fix | Delete
if ( $set ) {
[348] Fix | Delete
$cookie_hash = $this->hash( $this->_customer_id . '|' . $this->_session_expiration );
[349] Fix | Delete
$cookie_value = $this->_customer_id . '|' . $this->_session_expiration . '|' . $this->_session_expiring . '|' . $cookie_hash;
[350] Fix | Delete
[351] Fix | Delete
if ( ! isset( $_COOKIE[ $this->_cookie ] ) || $_COOKIE[ $this->_cookie ] !== $cookie_value ) {
[352] Fix | Delete
wc_setcookie( $this->_cookie, $cookie_value, $this->_session_expiration, $this->use_secure_cookie(), true );
[353] Fix | Delete
}
[354] Fix | Delete
[355] Fix | Delete
$this->_has_cookie = true;
[356] Fix | Delete
}
[357] Fix | Delete
}
[358] Fix | Delete
[359] Fix | Delete
/**
[360] Fix | Delete
* Should the session cookie be secure?
[361] Fix | Delete
*
[362] Fix | Delete
* @since 3.6.0
[363] Fix | Delete
* @return bool
[364] Fix | Delete
*/
[365] Fix | Delete
protected function use_secure_cookie() {
[366] Fix | Delete
/**
[367] Fix | Delete
* Filter whether to use a secure cookie.
[368] Fix | Delete
*
[369] Fix | Delete
* @since 3.6.0
[370] Fix | Delete
*
[371] Fix | Delete
* @param bool $use_secure_cookie Whether to use a secure cookie.
[372] Fix | Delete
*/
[373] Fix | Delete
return apply_filters( 'wc_session_use_secure_cookie', wc_site_is_https() && is_ssl() );
[374] Fix | Delete
}
[375] Fix | Delete
[376] Fix | Delete
/**
[377] Fix | Delete
* Return true if the current user has an active session, i.e. a cookie to retrieve values.
[378] Fix | Delete
*
[379] Fix | Delete
* @return bool
[380] Fix | Delete
*/
[381] Fix | Delete
public function has_session() {
[382] Fix | Delete
return isset( $_COOKIE[ $this->_cookie ] ) || $this->_has_cookie || is_user_logged_in();
[383] Fix | Delete
}
[384] Fix | Delete
[385] Fix | Delete
/**
[386] Fix | Delete
* Checks if the session is expiring.
[387] Fix | Delete
*
[388] Fix | Delete
* @return bool Whether session is expiring.
[389] Fix | Delete
*/
[390] Fix | Delete
private function is_session_expiring() {
[391] Fix | Delete
return time() > $this->_session_expiring;
[392] Fix | Delete
}
[393] Fix | Delete
[394] Fix | Delete
/**
[395] Fix | Delete
* Set session expiration.
[396] Fix | Delete
*/
[397] Fix | Delete
public function set_session_expiration() {
[398] Fix | Delete
$default_expiring_seconds = DAY_IN_SECONDS;
[399] Fix | Delete
$default_expiration_seconds = is_user_logged_in() ? WEEK_IN_SECONDS : 2 * DAY_IN_SECONDS;
[400] Fix | Delete
$max_expiration_seconds = MONTH_IN_SECONDS;
[401] Fix | Delete
$max_expiring_seconds = $max_expiration_seconds - DAY_IN_SECONDS;
[402] Fix | Delete
$session_limit_exceeded = false;
[403] Fix | Delete
[404] Fix | Delete
/**
[405] Fix | Delete
* Filters the session expiration.
[406] Fix | Delete
*
[407] Fix | Delete
* @since 5.0.0
[408] Fix | Delete
* @param int $expiration_seconds The expiration time in seconds.
[409] Fix | Delete
*/
[410] Fix | Delete
$expiring_seconds = intval( apply_filters( 'wc_session_expiring', $default_expiring_seconds ) ) ?: $default_expiring_seconds; // phpcs:ignore Universal.Operators.DisallowShortTernary.Found
[411] Fix | Delete
[412] Fix | Delete
if ( $expiring_seconds > $max_expiring_seconds ) {
[413] Fix | Delete
$expiring_seconds = $max_expiring_seconds;
[414] Fix | Delete
$session_limit_exceeded = true;
[415] Fix | Delete
}
[416] Fix | Delete
/**
[417] Fix | Delete
* Filters the session expiration.
[418] Fix | Delete
*
[419] Fix | Delete
* @since 5.0.0
[420] Fix | Delete
* @param int $expiration_seconds The expiration time in seconds.
[421] Fix | Delete
*/
[422] Fix | Delete
$expiration_seconds = intval( apply_filters( 'wc_session_expiration', $default_expiration_seconds ) ) ?: $default_expiration_seconds; // phpcs:ignore Universal.Operators.DisallowShortTernary.Found
[423] Fix | Delete
[424] Fix | Delete
// We limit the expiration time to 30 days to avoid performance issues and the session table growing too large.
[425] Fix | Delete
if ( $expiration_seconds > $max_expiration_seconds ) {
[426] Fix | Delete
$expiration_seconds = $max_expiration_seconds;
[427] Fix | Delete
$session_limit_exceeded = true;
[428] Fix | Delete
}
[429] Fix | Delete
[430] Fix | Delete
if ( $session_limit_exceeded ) {
[431] Fix | Delete
$transient_key = 'wc_session_handler_warning';
[432] Fix | Delete
if ( false === get_transient( $transient_key ) ) {
[433] Fix | Delete
wc_get_logger()->warning( sprintf( 'Keeping sessions for longer than %d days results in performance isues, expiry has been capped.', $max_expiration_seconds / DAY_IN_SECONDS ), array( 'source' => 'wc_session_handler' ) );
[434] Fix | Delete
set_transient( $transient_key, true, $max_expiration_seconds );
[435] Fix | Delete
}
[436] Fix | Delete
}
[437] Fix | Delete
[438] Fix | Delete
// If the expiring time is greater than the expiration time, set the expiring time to 90% of the expiration time.
[439] Fix | Delete
if ( $expiring_seconds > $expiration_seconds ) {
[440] Fix | Delete
$expiring_seconds = $expiration_seconds * 0.9;
[441] Fix | Delete
}
[442] Fix | Delete
[443] Fix | Delete
$this->_session_expiring = time() + $expiring_seconds;
[444] Fix | Delete
[445] Fix | Delete
$this->_session_expiration = time() + $expiration_seconds;
[446] Fix | Delete
}
[447] Fix | Delete
[448] Fix | Delete
/**
[449] Fix | Delete
* Generate a unique customer ID for guests, or return user ID if logged in.
[450] Fix | Delete
*
[451] Fix | Delete
* @return string
[452] Fix | Delete
*/
[453] Fix | Delete
public function generate_customer_id() {
[454] Fix | Delete
return is_user_logged_in() ? strval( get_current_user_id() ) : wc_rand_hash( 't_', 30 );
[455] Fix | Delete
}
[456] Fix | Delete
[457] Fix | Delete
/**
[458] Fix | Delete
* Checks if this is an auto-generated customer ID.
[459] Fix | Delete
*
[460] Fix | Delete
* @param string $customer_id Customer ID to check.
[461] Fix | Delete
* @return bool Whether customer ID is randomly generated.
[462] Fix | Delete
*/
[463] Fix | Delete
private function is_customer_guest( $customer_id ) {
[464] Fix | Delete
return empty( $customer_id ) || 't_' === substr( $customer_id, 0, 2 );
[465] Fix | Delete
}
[466] Fix | Delete
[467] Fix | Delete
/**
[468] Fix | Delete
* Get session unique ID for requests if session is initialized or user ID if logged in.
[469] Fix | Delete
* Introduced to help with unit tests.
[470] Fix | Delete
*
[471] Fix | Delete
* @since 5.3.0
[472] Fix | Delete
* @return string
[473] Fix | Delete
*/
[474] Fix | Delete
public function get_customer_unique_id() {
[475] Fix | Delete
$customer_id = '';
[476] Fix | Delete
[477] Fix | Delete
if ( $this->has_session() && $this->_customer_id ) {
[478] Fix | Delete
$customer_id = $this->_customer_id;
[479] Fix | Delete
} elseif ( is_user_logged_in() ) {
[480] Fix | Delete
$customer_id = (string) get_current_user_id();
[481] Fix | Delete
}
[482] Fix | Delete
[483] Fix | Delete
return $customer_id;
[484] Fix | Delete
}
[485] Fix | Delete
[486] Fix | Delete
/**
[487] Fix | Delete
* Get the session cookie, if set. Otherwise return false.
[488] Fix | Delete
*
[489] Fix | Delete
* Session cookies without a customer ID are invalid.
[490] Fix | Delete
*
[491] Fix | Delete
* @return bool|array
[492] Fix | Delete
*/
[493] Fix | Delete
public function get_session_cookie() {
[494] Fix | Delete
$cookie_value = isset( $_COOKIE[ $this->_cookie ] ) ? wc_clean( wp_unslash( (string) $_COOKIE[ $this->_cookie ] ) ) : '';
[495] Fix | Delete
[496] Fix | Delete
if ( empty( $cookie_value ) ) {
[497] Fix | Delete
return false;
[498] Fix | Delete
}
[499] Fix | Delete
12
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function