Commit Graph

132 Commits

Author SHA1 Message Date
Andrew Nicols 0f2a9becf9 MDL-83399 core: Coding style fixes 2025-03-19 12:02:41 +08:00
Jason Den Dulk 3d7c9a043a MDL-83399 core: Add ability for admins to login as other admins.
Add helper class to contain logic.
Add unit tests to test logic.
2025-03-18 12:48:25 +11:00
meirzamoodle b6d04b4882 MDL-84051 core: Call parent function to clear session data in the table 2025-02-25 08:50:35 +07:00
Jun Pataleta 5bb4758f77 Merge branch 'MDL-83753-main' of https://github.com/djarran/moodle 2025-02-05 18:05:40 +01:00
Huong Nguyen 83a027b132 Merge branch 'MDL-83822-main' of https://github.com/PhMemmel/moodle 2025-02-04 09:30:25 +07:00
Leon Stringer de059dbfe0 MDL-77185 session: Fix undefined disk_free_space
Fix PHP fatal error "Call to undefined function
core\session\disk_free_space()" when disable_functions=disk_free_space.
Prior to PHP 8.0 this error was suppressed by '@'.

Co-authored-by: Federico Alvarez <32086536+fedealvz@users.noreply.github.com>
2024-12-31 15:34:42 +00:00
djarrancotleanu 9d60aae85a MDL-83753 redis: Allow for configurable max retries setting 2024-12-19 14:19:14 +10:00
djarrancotleanu 50100d3106 MDL-83753 redis: Set connection and read timeouts to configurable value 2024-12-18 14:50:56 +10:00
meirzamoodle cacf7546b9 MDL-61316 core: Removed 5x multiplier from guest session expiration 2024-12-04 02:44:22 +00:00
Philipp Memmel ec338a7339 MDL-83822 core_session: Init redis connection in get_session_by_sid 2024-11-26 17:24:40 +01:00
Huong Nguyen 955f04af77 Merge branch 'MDL-83205-main' of https://github.com/andrewnicols/moodle 2024-09-27 11:26:42 +07:00
Huong Nguyen df1e264d29 Merge branch 'MDL-83085-main' of https://github.com/meirzamoodle/moodle 2024-09-24 10:35:18 +07:00
Andrew Nicols 7f8bc2008d MDL-83205 core: Ensure that redis lock expiry is valid
PHP allows the specification of invalid values for `max_execution_time`,
including negative values. These should be normalised the same way that
an empty (unlimited) value is.
2024-09-19 13:36:11 +08:00
Ilya Tregubov 6f9f396ec6 Merge branch 'MDL-81987_main' of https://github.com/marxjohnson/moodle 2024-09-19 12:42:50 +08:00
Matt Porritt 68ba22d80f MDL-83158 Unit tests: Exception when starting database session
Fixes an error where when reading a session the conditional
test never fails even when a session record doesn't
exist in the database.
2024-09-17 08:32:50 +10:00
meirzamoodle a933455be2 MDL-83085 redis: Use named parameters if supported 2024-09-11 12:15:14 +07:00
Ilya Tregubov 70ab6b9a28 MDL-66151 core: fix destroy method. 2024-09-03 11:56:46 +08:00
Trisha Milan e52fbd2f84 MDL-66151 Performance: Session Manager modularisation
Storage of session metadata has moved into the session handler class.
This allows for other classes to fully control session handling and
removes the dependancy on the core sessions database table.

Previously, the standard method of interaction with the
session metadata was direct DB calls; this may break other plugins as there
are now proper APIs available through the session manager.

Co-authored-by: Darren Cocco <moodle@darren.cocco.id.au>
Co-authored-by: Trisha Milan <trishamilan@catalyst-au.net>
Co-authored-by: Andrew Nicols <andrew@nicols.co.uk>
2024-09-03 13:04:04 +10:00
Huong Nguyen d585ad91b6 MDL-69684 session_redis: Improve PHPUnit test 2024-08-26 10:52:26 +07:00
Daniel Ziegenberg 492bca0a67 MDL-69684 session: Redis session locks set with expiry atomically
Co-Authored-By: Jamie Chapman-Brown <jamie.chapman-brown@agilicus.com>
Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
2024-08-22 18:22:50 +02:00
Mark Johnson ff31b37c78 MDL-81987 redis: Set connection and read timeouts to 10 seconds
This allows the site to continue operating in case of degraded
performance, rather than throwing exceptions.
2024-08-08 13:45:48 +01:00
meirzamoodle ba8cb7874f MDL-81794 core: Fix the TLS issue on the Redis
The fix covers two places:
- The Redis session.
- The Redis cache store.

The PHP Redis has the option to establish the connection using TLS/SSL instead of using the "tls://" prefix.
This is done to ensure consistency with the Redis cluster connection,
as the code for both single and cluster connections is located in one place.
2024-05-29 09:14:27 +07:00
Andrew Nicols 601ef0f72d Merge branch 'MDL-81192_main' of https://github.com/marxjohnson/moodle 2024-04-12 11:48:06 +08:00
Mark Johnson 337a0ee705 MDL-81192 sessions: Prevent false positive session change errors
If $CFG->enable_read_only_sessions_debug was not enabled, debugging could be
enabled part-way through a request when restart_with_write_lock was
called. This meant that a diff between the initial and final session
would be made during write_close(), although the intial session state
was never captured. This generated false positives in the logs, and it
thought any variable set in the session was a change from the original
value.

This ensures that debugging is enabled before the debug flag is allowed
to change, preventing false positives.
2024-04-11 08:55:11 +01:00
meirzamoodle c9cb89323c MDL-81480 core: Sets user-level session storage functions
Also added @runInSeparateProcess on each session Redis cluster test to let the test run
in a separate process to avoid the error "the headers are not already sent" by PHPUnit.
2024-04-10 17:27:20 +07:00
Juan Leyva e09930bab6 MDL-81405 session: New core cookie helper utility class 2024-04-06 12:20:59 +02:00
meirzamoodle ce5b7edd5c MDL-81366 redis: Remove the named parameters
Unfortunately, the read_timeout named parameter was not recognized on some machines.
To avoid such errors, this patch removed the named parameter on a single Redis connect() and the Redis cluster.
2024-03-28 10:19:35 +07:00
meirzamoodle b7452d44de MDL-63128 core: Add support for use redis cluster as session handler
Co-authored-by: Avi Levy <avi@sysbind.co.il>
2024-03-25 12:47:40 +07:00
Jun Pataleta 3278ce7aba Merge branch 'MDL-65292' of https://github.com/stronk7/moodle 2024-03-08 08:00:41 +08:00
Eloy Lafuente (stronk7) 29a541724f MDL-65292 style: Fix all the function declaration ordering
This has been generated running the following Sniff,
part of the Moodle's CodeSniffer standard:
- PSR2.Methods.MethodDeclaration

It just ensures all the function declarations have
the correct order for:
- abstract and final.
- visibility (public, protected, private).
- static.

So, all the lines modified by this commit are function declarations
and the only changes are in the positions of those keywords.
2024-02-28 23:47:47 +01:00
Eloy Lafuente (stronk7) ba1f804ffa MDL-65292 style: Fix all function declarations white space
This has been generated running the following Sniffs, all
them part of the Moodle's CodeSniffer standard:
- PSR12.Functions.ReturnTypeDeclaration
- PSR12.Functions.NullableTypeDeclaration
- moodle.Methods.MethodDeclarationSpacing
- Squiz.Whitespace.ScopeKeywordSpacing

All them are, exclusively, about correct spacing, so the changes
are, all them, only white space changes.

Only exceptions to the above are 3 changes what were setting the
return type in a new line, and, when that happens, the closing
parenthesis (bracket) has to go to the same line than the colon.
2024-02-28 23:33:26 +01:00
Brendan Heywood c1fc12b479 MDL-80080 session: Unset logintoken after use 2024-02-22 10:56:02 +11:00
Jun Pataleta b47a37a4f2 Merge branch 'MDL-80281_main' of https://github.com/marxjohnson/moodle 2023-12-07 10:16:58 +08:00
Mark Johnson 0757441874 MDL-80281 session: Don't report long session locks for readonly sessions
Previously, $CFG->sessionlockdebug was reporting long session locks for
all requests, even if they defined READ_ONLY_SESSION. This change
ensures that only sessions with locks are reported.
2023-11-28 16:20:45 +00:00
Andrew Nicols e734858e55 MDL-79890 core: Session handlers must implement SessionHandlerInterface 2023-11-15 09:14:40 +08:00
Rossco Hellmans d0385ed705 MDL-79092 session: fix recentsessionlocks mutated session debugging
In write_close() call update_recent_session_locks() before setting
$sessionatclose so that it includes $SESSION->recentsessionlocks and
doesn't trigger the debugging in check_mutated_closed_session().
2023-08-23 09:29:34 +10:00
Matt Porritt 668057c3eb MDL-50160 Administration: HTTP only cookies default set to on.
This patch removes the UI setting (cookiehttponly) for HTTP only
cookies. For new installs HTTP only cookies will default to on.
For existing sites teh behaviour will stay as set.
The behaviour can be overriden in config.php
2023-07-31 14:09:30 +10:00
Srdjan f061599fc9 MDL-72622 core: Support TLS for redis session 2023-06-27 09:49:36 +10:00
Marina Glancy 8fc1486d36 MDL-77164 various: fix incorrect phpdocs 2023-04-13 11:35:06 +01:00
Nils Adermann e63ed5511b MDL-70687 session: Redis session lock exp = max exec time
If for any reason a Redis session lock is not being released, all subsequent
requests will wait to acquire the lock, forcing them to time out eventually.
This will happen till the original lock finally expires after the session timeout.

This sets the Redis session lock expiry time to whatever is lower,
either the PHP execution time `max_execution_time`, if the value was
defined in the `php.ini` or the globally configured `sessiontimeout`.
Setting it to the lower of the two will not make things worse it if the
execution timeout is longer than the session timeout.
For the PHP execution time, once the PHP execution time is over, we can
be sure that the lock is no longer actively held so that the lock can
expire safely. Although at `lib/classes/php_time_limit.php::raise(int)`,
Moodle can progressively increase the maximum PHP execution time, this
is limited to the `max_execution_time` value defined in the `php.ini`.
For the session timeout, we assume it is safe to consider the lock to
expire once the session itself expires.
If we unnecessarily hold the lock any longer, it blocks other session
requests.

Co-authored-by: Daniel Ziegenberg <daniel@ziegenberg.at>
Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
2023-03-10 12:33:53 +01:00
Paul Holden 922c61dee8 MDL-74585 core: pass string identifier/component to network keepalive.
Avoid passing potentially large amounts of data in the page AMD call,
allow the `core/network` module to load actual string content itself.
2023-02-22 13:49:30 +00:00
Matthew Hilton 4faa3204d6 MDL-73317 session: Log extra details for cachestore changes
More visibility depth is required for cachestore changes since they
are usually multi dimensional arrays.
2023-02-09 12:03:49 +10:00
Matthew Hilton 9c8d8502c0 MDL-73317 session: Log session changes after close
A snapshot of the session is now taken when write_close is called.
The session at shutdown is then compared to the snapshot. If changes
are detected, they are logged. This aids developers in seeing if
early session closes may be having unintended consequences.
2023-02-09 12:03:49 +10:00
Matthew Hilton 95077da502 MDL-73317 session: Improve session diff detection
Previously, newly added keys to the session were not detected. Objects
with the same properties were also incorrectly reported as different.

This commit improves this, and updates the unit tests to reflect the
new functionality.
2023-02-09 12:03:49 +10:00
Andrew Nicols a3cc26f8bb MDL-76583 core: Update uses of external_* classes 2023-01-19 07:34:09 +08:00
Marina Glancy b1c97381b4 MDL-76356 various: avoid implicit conversion to int
PHP before version 8.1 automatically converted to int if the function
parameter (or array key) is expected to be int. PHP 8.1 shows notice in
this case
2023-01-10 15:27:11 +01:00
Brendan Heywood 825d11ec50 MDL-76166 auth: Ensure user is in server access logs 2022-11-30 13:25:20 +11:00
sam marshall 4ab9f08ce0 MDL-75369 Redis: Remove unnecessary ping after connect
The Redis cache store and session handler both do a 'ping()' after
connecting to Redis. This is unnecessary because the connect() call
has just checked the network connection and it's hardly likely that
the server has gone down since then.

According to my profiling, both connect() and ping() take
measurable time when talking to a separate server, i.e. a few
milliseconds. So it's not the case that connect() doesn't really
talk to the server, as I initially wondered.

If using Redis on a separate (non-localhost) server for both session
and cache store, removing these ping calls can save a millisecond
or two per request.
2022-09-13 10:45:00 +01:00
Jun Pataleta de177cc564 Merge branch 'MDL-72283_allow-customisation-of-redis-session-handler-errors' of https://github.com/ziegenberg/moodle 2022-05-24 10:13:04 +08:00
Daniel Ziegenberg 01309248d8 MDL-72283 caching: internationalize redis session handler error
The 'unable to obtain session lock'-exception raised by the Redis
session handler is hardcoded in English and not all that useful
to the end user.

This change adds the error message to the lang/error.php and gives
the user further hints why the error might have occured and how it
could be fixed.

Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
2022-05-23 16:42:33 +02:00