Edit File by line
/home/zeestwma/richards.../wp-conte.../plugins/woocomme.../includes
File: class-wc-session-handler.php
<?php
[0] Fix | Delete
/**
[1] Fix | Delete
* Handle data for the current customers session.
[2] Fix | Delete
* Implements the WC_Session abstract class.
[3] Fix | Delete
*
[4] Fix | Delete
* From 2.5 this uses a custom table for session storage. Based on https://github.com/kloon/woocommerce-large-sessions.
[5] Fix | Delete
*
[6] Fix | Delete
* @class WC_Session_Handler
[7] Fix | Delete
* @package WooCommerce\Classes
[8] Fix | Delete
*/
[9] Fix | Delete
[10] Fix | Delete
declare(strict_types=1);
[11] Fix | Delete
[12] Fix | Delete
use Automattic\Jetpack\Constants;
[13] Fix | Delete
use Automattic\WooCommerce\Internal\Features\FeaturesController;
[14] Fix | Delete
use Automattic\WooCommerce\Utilities\StringUtil;
[15] Fix | Delete
use Automattic\WooCommerce\StoreApi\Utilities\CartTokenUtils;
[16] Fix | Delete
[17] Fix | Delete
defined( 'ABSPATH' ) || exit;
[18] Fix | Delete
[19] Fix | Delete
/**
[20] Fix | Delete
* Session handler class.
[21] Fix | Delete
*/
[22] Fix | Delete
class WC_Session_Handler extends WC_Session {
[23] Fix | Delete
[24] Fix | Delete
/**
[25] Fix | Delete
* Cookie name used for the session.
[26] Fix | Delete
*
[27] Fix | Delete
* @var string cookie name
[28] Fix | Delete
*/
[29] Fix | Delete
protected $_cookie = ''; // phpcs:ignore PSR2.Classes.PropertyDeclaration.Underscore
[30] Fix | Delete
[31] Fix | Delete
/**
[32] Fix | Delete
* Stores session expiry.
[33] Fix | Delete
*
[34] Fix | Delete
* @var int session due to expire timestamp
[35] Fix | Delete
*/
[36] Fix | Delete
protected $_session_expiring = 0; // phpcs:ignore PSR2.Classes.PropertyDeclaration.Underscore
[37] Fix | Delete
[38] Fix | Delete
/**
[39] Fix | Delete
* Stores session due to expire timestamp.
[40] Fix | Delete
*
[41] Fix | Delete
* @var int session expiration timestamp
[42] Fix | Delete
*/
[43] Fix | Delete
protected $_session_expiration = 0; // phpcs:ignore PSR2.Classes.PropertyDeclaration.Underscore
[44] Fix | Delete
[45] Fix | Delete
/**
[46] Fix | Delete
* True when the cookie exists.
[47] Fix | Delete
*
[48] Fix | Delete
* @var bool Based on whether a cookie exists.
[49] Fix | Delete
*/
[50] Fix | Delete
protected $_has_cookie = false; // phpcs:ignore PSR2.Classes.PropertyDeclaration.Underscore
[51] Fix | Delete
[52] Fix | Delete
/**
[53] Fix | Delete
* Table name for session data.
[54] Fix | Delete
*
[55] Fix | Delete
* @var string Custom session table name
[56] Fix | Delete
*/
[57] Fix | Delete
protected $_table = ''; // phpcs:ignore PSR2.Classes.PropertyDeclaration.Underscore
[58] Fix | Delete
[59] Fix | Delete
/**
[60] Fix | Delete
* Constructor for the session class.
[61] Fix | Delete
*/
[62] Fix | Delete
public function __construct() {
[63] Fix | Delete
/**
[64] Fix | Delete
* Filter the cookie name.
[65] Fix | Delete
*
[66] Fix | Delete
* @since 3.6.0
[67] Fix | Delete
*
[68] Fix | Delete
* @param string $cookie Cookie name.
[69] Fix | Delete
*/
[70] Fix | Delete
$this->_cookie = (string) apply_filters( 'woocommerce_cookie', 'wp_woocommerce_session_' . COOKIEHASH );
[71] Fix | Delete
$this->_table = $GLOBALS['wpdb']->prefix . 'woocommerce_sessions';
[72] Fix | Delete
$this->set_session_expiration();
[73] Fix | Delete
}
[74] Fix | Delete
[75] Fix | Delete
/**
[76] Fix | Delete
* Init hooks and session data.
[77] Fix | Delete
*
[78] Fix | Delete
* @since 3.3.0
[79] Fix | Delete
*/
[80] Fix | Delete
public function init() {
[81] Fix | Delete
$this->init_hooks();
[82] Fix | Delete
$this->init_session();
[83] Fix | Delete
}
[84] Fix | Delete
[85] Fix | Delete
/**
[86] Fix | Delete
* Initialize the hooks.
[87] Fix | Delete
*/
[88] Fix | Delete
protected function init_hooks() {
[89] Fix | Delete
add_action( 'woocommerce_set_cart_cookies', array( $this, 'set_customer_session_cookie' ), 10 );
[90] Fix | Delete
add_action( 'wp', array( $this, 'maybe_set_customer_session_cookie' ), 99 );
[91] Fix | Delete
add_action( 'template_redirect', array( $this, 'destroy_session_if_empty' ), 999 );
[92] Fix | Delete
add_action( 'shutdown', array( $this, 'save_data' ), 20 );
[93] Fix | Delete
add_action( 'wp_logout', array( $this, 'destroy_session' ) );
[94] Fix | Delete
[95] Fix | Delete
if ( ! is_user_logged_in() ) {
[96] Fix | Delete
add_filter( 'nonce_user_logged_out', array( $this, 'maybe_update_nonce_user_logged_out' ), 10, 2 );
[97] Fix | Delete
}
[98] Fix | Delete
}
[99] Fix | Delete
[100] Fix | Delete
/**
[101] Fix | Delete
* Initialize the session from either the request or the cookie.
[102] Fix | Delete
*/
[103] Fix | Delete
private function init_session() {
[104] Fix | Delete
if ( ! $this->init_session_from_request() ) {
[105] Fix | Delete
$this->init_session_cookie();
[106] Fix | Delete
}
[107] Fix | Delete
}
[108] Fix | Delete
[109] Fix | Delete
/**
[110] Fix | Delete
* Initialize the session from the query string parameter.
[111] Fix | Delete
*
[112] Fix | Delete
* If the current user is logged in, the token session will replace the current user's session.
[113] Fix | Delete
* If the current user is logged out, the token session will be cloned to a new session.
[114] Fix | Delete
*
[115] Fix | Delete
* Only guest sessions are restored, hence the check for the t_ prefix on the customer ID.
[116] Fix | Delete
*
[117] Fix | Delete
* @return bool
[118] Fix | Delete
*/
[119] Fix | Delete
private function init_session_from_request() {
[120] Fix | Delete
$session_token = is_string( $_GET['session'] ?? '' ) ? wc_clean( wp_unslash( $_GET['session'] ?? '' ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification.Recommended
[121] Fix | Delete
[122] Fix | Delete
if ( empty( $session_token ) || ! CartTokenUtils::validate_cart_token( $session_token ) ) {
[123] Fix | Delete
return false;
[124] Fix | Delete
}
[125] Fix | Delete
[126] Fix | Delete
$payload = CartTokenUtils::get_cart_token_payload( $session_token );
[127] Fix | Delete
[128] Fix | Delete
if ( ! $this->is_customer_guest( $payload['user_id'] ) || ! $this->session_exists( $payload['user_id'] ) ) {
[129] Fix | Delete
return false;
[130] Fix | Delete
}
[131] Fix | Delete
[132] Fix | Delete
// Check to see if the current user has a session before proceeding with token handling.
[133] Fix | Delete
$cookie = $this->get_session_cookie();
[134] Fix | Delete
[135] Fix | Delete
if ( $cookie ) {
[136] Fix | Delete
// User owns this token. Return and use cookie session.
[137] Fix | Delete
if ( $cookie[0] === $payload['user_id'] ) {
[138] Fix | Delete
return false;
[139] Fix | Delete
}
[140] Fix | Delete
[141] Fix | Delete
$cookie_session_data = (array) $this->get_session( $cookie[0], array() );
[142] Fix | Delete
[143] Fix | Delete
// Cookie session was originally created via this token. Return and use cookie session to prevent creating a new clone.
[144] Fix | Delete
if ( isset( $cookie_session_data['previous_customer_id'] ) && $cookie_session_data['previous_customer_id'] === $payload['user_id'] ) {
[145] Fix | Delete
return false;
[146] Fix | Delete
}
[147] Fix | Delete
}
[148] Fix | Delete
[149] Fix | Delete
// Generate new customer ID for the new session before cloning the data.
[150] Fix | Delete
$this->_customer_id = $this->generate_customer_id();
[151] Fix | Delete
$this->set_customer_session_cookie( true );
[152] Fix | Delete
$this->clone_session_data( $payload['user_id'] );
[153] Fix | Delete
[154] Fix | Delete
return true;
[155] Fix | Delete
}
[156] Fix | Delete
[157] Fix | Delete
/**
[158] Fix | Delete
* Setup cookie and customer ID.
[159] Fix | Delete
*
[160] Fix | Delete
* @since 3.6.0
[161] Fix | Delete
*/
[162] Fix | Delete
public function init_session_cookie() {
[163] Fix | Delete
$cookie = $this->get_session_cookie();
[164] Fix | Delete
[165] Fix | Delete
if ( ! $cookie ) {
[166] Fix | Delete
// If there is no cookie, generate a new session/customer ID.
[167] Fix | Delete
$this->_customer_id = $this->generate_customer_id();
[168] Fix | Delete
$this->_data = $this->get_session_data();
[169] Fix | Delete
return;
[170] Fix | Delete
}
[171] Fix | Delete
[172] Fix | Delete
// Customer ID will be an MD5 hash id this is a guest session.
[173] Fix | Delete
$this->_customer_id = $cookie[0];
[174] Fix | Delete
$this->_session_expiration = (int) $cookie[1];
[175] Fix | Delete
$this->_session_expiring = (int) $cookie[2];
[176] Fix | Delete
$this->_has_cookie = true;
[177] Fix | Delete
[178] Fix | Delete
$this->restore_session_data();
[179] Fix | Delete
[180] Fix | Delete
/**
[181] Fix | Delete
* This clears the session if the cookie is invalid.
[182] Fix | Delete
*/
[183] Fix | Delete
if ( ! $this->is_session_cookie_valid() ) {
[184] Fix | Delete
$this->destroy_session();
[185] Fix | Delete
}
[186] Fix | Delete
[187] Fix | Delete
// If the user logs in, update session.
[188] Fix | Delete
if ( is_user_logged_in() && (string) get_current_user_id() !== $this->get_customer_id() ) {
[189] Fix | Delete
$this->migrate_guest_session_to_user_session();
[190] Fix | Delete
}
[191] Fix | Delete
[192] Fix | Delete
// Update session if its close to expiring.
[193] Fix | Delete
if ( $this->is_session_expiring() ) {
[194] Fix | Delete
$this->set_session_expiration();
[195] Fix | Delete
$this->update_session_timestamp( $this->get_customer_id(), $this->_session_expiration );
[196] Fix | Delete
}
[197] Fix | Delete
}
[198] Fix | Delete
[199] Fix | Delete
/**
[200] Fix | Delete
* Clones a session to the current session. Exclude customer details for privacy reasons.
[201] Fix | Delete
*
[202] Fix | Delete
* @param string $clone_from_customer_id The customer ID to clone from.
[203] Fix | Delete
*/
[204] Fix | Delete
private function clone_session_data( string $clone_from_customer_id ) {
[205] Fix | Delete
$session_data = (array) $this->get_session( $clone_from_customer_id, array() );
[206] Fix | Delete
$session_data['previous_customer_id'] = $clone_from_customer_id;
[207] Fix | Delete
$session_data = array_diff_key( $session_data, array( 'customer' => true ) );
[208] Fix | Delete
$this->_data = $session_data;
[209] Fix | Delete
$this->_dirty = true;
[210] Fix | Delete
$this->save_data();
[211] Fix | Delete
}
[212] Fix | Delete
[213] Fix | Delete
/**
[214] Fix | Delete
* Migrates a guest session to the current user session.
[215] Fix | Delete
*/
[216] Fix | Delete
private function migrate_guest_session_to_user_session() {
[217] Fix | Delete
$guest_session_id = $this->_customer_id;
[218] Fix | Delete
$user_session_id = (string) get_current_user_id();
[219] Fix | Delete
[220] Fix | Delete
$this->_data = $this->get_session( $guest_session_id, array() );
[221] Fix | Delete
$this->_dirty = true;
[222] Fix | Delete
$this->_customer_id = $user_session_id;
[223] Fix | Delete
$this->save_data( $guest_session_id );
[224] Fix | Delete
[225] Fix | Delete
/**
[226] Fix | Delete
* Fires after a customer has logged in, and their guest session id has been
[227] Fix | Delete
* deleted with its data migrated to a customer id.
[228] Fix | Delete
*
[229] Fix | Delete
* This hook gives extensions the chance to connect the old session id to the
[230] Fix | Delete
* customer id, if the key is being used externally.
[231] Fix | Delete
*
[232] Fix | Delete
* @since 8.8.0
[233] Fix | Delete
*
[234] Fix | Delete
* @param string $guest_session_id The former session ID, as generated by `::generate_customer_id()`.
[235] Fix | Delete
* @param string $user_session_id The Customer ID that the former session was converted to.
[236] Fix | Delete
*/
[237] Fix | Delete
do_action( 'woocommerce_guest_session_to_user_id', $guest_session_id, $this->_customer_id );
[238] Fix | Delete
}
[239] Fix | Delete
[240] Fix | Delete
/**
[241] Fix | Delete
* Restore the session data from the database.
[242] Fix | Delete
*
[243] Fix | Delete
* @since 10.0.0
[244] Fix | Delete
*/
[245] Fix | Delete
private function restore_session_data() {
[246] Fix | Delete
$session_data = $this->get_session_data();
[247] Fix | Delete
[248] Fix | Delete
/**
[249] Fix | Delete
* Filters the session data when restoring from storage during initialization.
[250] Fix | Delete
*
[251] Fix | Delete
* This filter allows you to:
[252] Fix | Delete
* 1. Modify the session data before it's loaded, including adding or removing specific session data entries
[253] Fix | Delete
* 2. Clear the entire session by returning an empty array
[254] Fix | Delete
*
[255] Fix | Delete
* Note: If the filtered data is empty, the session will be destroyed and the
[256] Fix | Delete
* guest's session cookie will be removed. This can be useful for high-traffic
[257] Fix | Delete
* sites that prioritize page caching over maintaining all session data.
[258] Fix | Delete
*
[259] Fix | Delete
* @since 9.9.0
[260] Fix | Delete
*
[261] Fix | Delete
* @param array $session_data The session data loaded from storage.
[262] Fix | Delete
* @return array Modified session data to be used for initialization.
[263] Fix | Delete
*/
[264] Fix | Delete
$this->_data = (array) apply_filters( 'woocommerce_restored_session_data', $session_data );
[265] Fix | Delete
}
[266] Fix | Delete
[267] Fix | Delete
/**
[268] Fix | Delete
* Checks if session cookie is expired, or belongs to a logged out user.
[269] Fix | Delete
*
[270] Fix | Delete
* @return bool Whether session cookie is valid.
[271] Fix | Delete
*/
[272] Fix | Delete
private function is_session_cookie_valid() {
[273] Fix | Delete
// If session is expired, session cookie is invalid.
[274] Fix | Delete
if ( time() > $this->_session_expiration ) {
[275] Fix | Delete
return false;
[276] Fix | Delete
}
[277] Fix | Delete
[278] Fix | Delete
// If user has logged out, session cookie is invalid.
[279] Fix | Delete
if ( ! is_user_logged_in() && ! $this->is_customer_guest( $this->get_customer_id() ) ) {
[280] Fix | Delete
return false;
[281] Fix | Delete
}
[282] Fix | Delete
[283] Fix | Delete
// Session from a different user is not valid. (Although from a guest user will be valid).
[284] Fix | Delete
if ( is_user_logged_in() && ! $this->is_customer_guest( $this->get_customer_id() ) && (string) get_current_user_id() !== $this->get_customer_id() ) {
[285] Fix | Delete
return false;
[286] Fix | Delete
}
[287] Fix | Delete
[288] Fix | Delete
return true;
[289] Fix | Delete
}
[290] Fix | Delete
[291] Fix | Delete
/**
[292] Fix | Delete
* Hooks into the wp action to maybe set the session cookie if the user is on a certain page e.g. a checkout endpoint.
[293] Fix | Delete
*
[294] Fix | Delete
* Certain gateways may rely on sessions and this ensures a session is present even if the customer does not have a
[295] Fix | Delete
* cart.
[296] Fix | Delete
*/
[297] Fix | Delete
public function maybe_set_customer_session_cookie() {
[298] Fix | Delete
if ( is_wc_endpoint_url( 'order-pay' ) ) {
[299] Fix | Delete
$this->set_customer_session_cookie( true );
[300] Fix | Delete
}
[301] Fix | Delete
}
[302] Fix | Delete
[303] Fix | Delete
/**
[304] Fix | Delete
* Hash a value using wp_fast_hash (from WP 6.8 onwards).
[305] Fix | Delete
*
[306] Fix | Delete
* This method can be removed when the minimum version supported is 6.8.
[307] Fix | Delete
*
[308] Fix | Delete
* @param string $message Value to hash.
[309] Fix | Delete
* @return string Hashed value.
[310] Fix | Delete
*/
[311] Fix | Delete
private function hash( string $message ) {
[312] Fix | Delete
if ( function_exists( 'wp_fast_hash' ) ) {
[313] Fix | Delete
return wp_fast_hash( $message );
[314] Fix | Delete
}
[315] Fix | Delete
return hash_hmac( 'md5', $message, wp_hash( $message ) );
[316] Fix | Delete
}
[317] Fix | Delete
[318] Fix | Delete
/**
[319] Fix | Delete
* Verify a hash using wp_verify_fast_hash (from WP 6.8 onwards).
[320] Fix | Delete
*
[321] Fix | Delete
* This method can be removed when the minimum version supported is 6.8.
[322] Fix | Delete
*
[323] Fix | Delete
* @param string $message Message to verify.
[324] Fix | Delete
* @param string $hash Hash to verify.
[325] Fix | Delete
* @return bool Whether the hash is valid.
[326] Fix | Delete
*/
[327] Fix | Delete
private function verify_hash( string $message, string $hash ) {
[328] Fix | Delete
if ( function_exists( 'wp_verify_fast_hash' ) ) {
[329] Fix | Delete
return wp_verify_fast_hash( $message, $hash );
[330] Fix | Delete
}
[331] Fix | Delete
return hash_equals( hash_hmac( 'md5', $message, wp_hash( $message ) ), $hash );
[332] Fix | Delete
}
[333] Fix | Delete
[334] Fix | Delete
/**
[335] Fix | Delete
* Sets the session cookie on-demand (usually after adding an item to the cart).
[336] Fix | Delete
*
[337] Fix | Delete
* Since the cookie name (as of 2.1) is prepended with wp, cache systems like batcache will not cache pages when set.
[338] Fix | Delete
*
[339] Fix | Delete
* Warning: Cookies will only be set if this is called before the headers are sent.
[340] Fix | Delete
*
[341] Fix | Delete
* @param bool $set Should the session cookie be set.
[342] Fix | Delete
*/
[343] Fix | Delete
public function set_customer_session_cookie( $set ) {
[344] Fix | Delete
if ( $set ) {
[345] Fix | Delete
$cookie_hash = $this->hash( $this->get_customer_id() . '|' . (string) $this->_session_expiration );
[346] Fix | Delete
$cookie_value = $this->get_customer_id() . '|' . (string) $this->_session_expiration . '|' . (string) $this->_session_expiring . '|' . $cookie_hash;
[347] Fix | Delete
[348] Fix | Delete
if ( ! isset( $_COOKIE[ $this->_cookie ] ) || $_COOKIE[ $this->_cookie ] !== $cookie_value ) {
[349] Fix | Delete
wc_setcookie( $this->_cookie, $cookie_value, $this->_session_expiration, $this->use_secure_cookie(), true );
[350] Fix | Delete
}
[351] Fix | Delete
[352] Fix | Delete
$this->_has_cookie = true;
[353] Fix | Delete
}
[354] Fix | Delete
}
[355] Fix | Delete
[356] Fix | Delete
/**
[357] Fix | Delete
* Should the session cookie be secure?
[358] Fix | Delete
*
[359] Fix | Delete
* @since 3.6.0
[360] Fix | Delete
* @return bool
[361] Fix | Delete
*/
[362] Fix | Delete
protected function use_secure_cookie() {
[363] Fix | Delete
/**
[364] Fix | Delete
* Filter whether to use a secure cookie.
[365] Fix | Delete
*
[366] Fix | Delete
* @since 3.6.0
[367] Fix | Delete
*
[368] Fix | Delete
* @param bool $use_secure_cookie Whether to use a secure cookie.
[369] Fix | Delete
*/
[370] Fix | Delete
return (bool) apply_filters( 'wc_session_use_secure_cookie', wc_site_is_https() && is_ssl() );
[371] Fix | Delete
}
[372] Fix | Delete
[373] Fix | Delete
/**
[374] Fix | Delete
* Return true if the current user has an active session, i.e. a cookie to retrieve values.
[375] Fix | Delete
*
[376] Fix | Delete
* @return bool
[377] Fix | Delete
*/
[378] Fix | Delete
public function has_session() {
[379] Fix | Delete
return isset( $_COOKIE[ $this->_cookie ] ) || $this->_has_cookie || is_user_logged_in();
[380] Fix | Delete
}
[381] Fix | Delete
[382] Fix | Delete
/**
[383] Fix | Delete
* Checks if the session is expiring.
[384] Fix | Delete
*
[385] Fix | Delete
* @return bool Whether session is expiring.
[386] Fix | Delete
*/
[387] Fix | Delete
private function is_session_expiring() {
[388] Fix | Delete
return time() > $this->_session_expiring;
[389] Fix | Delete
}
[390] Fix | Delete
[391] Fix | Delete
/**
[392] Fix | Delete
* Set session expiration.
[393] Fix | Delete
*/
[394] Fix | Delete
public function set_session_expiration() {
[395] Fix | Delete
$default_expiring_seconds = DAY_IN_SECONDS;
[396] Fix | Delete
$default_expiration_seconds = is_user_logged_in() ? WEEK_IN_SECONDS : 2 * DAY_IN_SECONDS;
[397] Fix | Delete
$max_expiration_seconds = MONTH_IN_SECONDS;
[398] Fix | Delete
$max_expiring_seconds = $max_expiration_seconds - DAY_IN_SECONDS;
[399] Fix | Delete
$session_limit_exceeded = false;
[400] Fix | Delete
[401] Fix | Delete
/**
[402] Fix | Delete
* Filters the session expiration.
[403] Fix | Delete
*
[404] Fix | Delete
* @since 5.0.0
[405] Fix | Delete
* @param int $expiration_seconds The expiration time in seconds.
[406] Fix | Delete
*/
[407] Fix | Delete
$expiring_seconds = intval( apply_filters( 'wc_session_expiring', $default_expiring_seconds ) ) ?: $default_expiring_seconds; // phpcs:ignore Universal.Operators.DisallowShortTernary.Found
[408] Fix | Delete
[409] Fix | Delete
if ( $expiring_seconds > $max_expiring_seconds ) {
[410] Fix | Delete
$session_limit_exceeded = true;
[411] Fix | Delete
}
[412] Fix | Delete
/**
[413] Fix | Delete
* Filters the session expiration.
[414] Fix | Delete
*
[415] Fix | Delete
* @since 5.0.0
[416] Fix | Delete
* @param int $expiration_seconds The expiration time in seconds.
[417] Fix | Delete
*/
[418] Fix | Delete
$expiration_seconds = intval( apply_filters( 'wc_session_expiration', $default_expiration_seconds ) ) ?: $default_expiration_seconds; // phpcs:ignore Universal.Operators.DisallowShortTernary.Found
[419] Fix | Delete
[420] Fix | Delete
// We limit the expiration time to 30 days to avoid performance issues and the session table growing too large.
[421] Fix | Delete
if ( $expiration_seconds > $max_expiration_seconds ) {
[422] Fix | Delete
$session_limit_exceeded = true;
[423] Fix | Delete
}
[424] Fix | Delete
[425] Fix | Delete
if ( $session_limit_exceeded ) {
[426] Fix | Delete
$transient_key = 'wc_session_handler_warning';
[427] Fix | Delete
if ( false === get_transient( $transient_key ) ) {
[428] Fix | Delete
wc_get_logger()->warning(
[429] Fix | Delete
sprintf(
[430] Fix | Delete
'Keeping sessions for longer than %d days can cause performance issues and larger session tables. Monitor usage and adjust lifetimes via the wc_session_expiring and wc_session_expiration filters as needed.',
[431] Fix | Delete
$max_expiration_seconds / DAY_IN_SECONDS
[432] Fix | Delete
),
[433] Fix | Delete
array( 'source' => 'wc_session_handler' )
[434] Fix | Delete
);
[435] Fix | Delete
set_transient( $transient_key, true, $max_expiration_seconds );
[436] Fix | Delete
}
[437] Fix | Delete
}
[438] Fix | Delete
[439] Fix | Delete
// If the expiring time is greater than the expiration time, set the expiring time to 90% of the expiration time.
[440] Fix | Delete
if ( $expiring_seconds > $expiration_seconds ) {
[441] Fix | Delete
$expiring_seconds = $expiration_seconds * 0.9;
[442] Fix | Delete
}
[443] Fix | Delete
[444] Fix | Delete
$this->_session_expiring = time() + $expiring_seconds;
[445] Fix | Delete
$this->_session_expiration = time() + $expiration_seconds;
[446] Fix | Delete
}
[447] Fix | Delete
[448] Fix | Delete
/**
[449] Fix | Delete
* Generate a unique customer ID for guests, or return user ID if logged in.
[450] Fix | Delete
*
[451] Fix | Delete
* @return string
[452] Fix | Delete
*/
[453] Fix | Delete
public function generate_customer_id() {
[454] Fix | Delete
return is_user_logged_in() ? (string) get_current_user_id() : wc_rand_hash( 't_', 30 );
[455] Fix | Delete
}
[456] Fix | Delete
[457] Fix | Delete
/**
[458] Fix | Delete
* Checks if this is an auto-generated customer ID.
[459] Fix | Delete
*
[460] Fix | Delete
* @param string $customer_id Customer ID to check.
[461] Fix | Delete
* @return bool Whether customer ID is randomly generated.
[462] Fix | Delete
*/
[463] Fix | Delete
private function is_customer_guest( $customer_id ) {
[464] Fix | Delete
return empty( $customer_id ) || 't_' === substr( $customer_id, 0, 2 );
[465] Fix | Delete
}
[466] Fix | Delete
[467] Fix | Delete
/**
[468] Fix | Delete
* Get session unique ID for requests if session is initialized or user ID if logged in.
[469] Fix | Delete
* Introduced to help with unit tests.
[470] Fix | Delete
*
[471] Fix | Delete
* @since 5.3.0
[472] Fix | Delete
* @return string
[473] Fix | Delete
*/
[474] Fix | Delete
public function get_customer_unique_id() {
[475] Fix | Delete
$customer_id = '';
[476] Fix | Delete
[477] Fix | Delete
if ( $this->has_session() && $this->get_customer_id() ) {
[478] Fix | Delete
$customer_id = $this->get_customer_id();
[479] Fix | Delete
} elseif ( is_user_logged_in() ) {
[480] Fix | Delete
$customer_id = (string) get_current_user_id();
[481] Fix | Delete
}
[482] Fix | Delete
[483] Fix | Delete
return $customer_id;
[484] Fix | Delete
}
[485] Fix | Delete
[486] Fix | Delete
/**
[487] Fix | Delete
* Get the session cookie, if set. Otherwise return false.
[488] Fix | Delete
*
[489] Fix | Delete
* Session cookies without a customer ID are invalid.
[490] Fix | Delete
*
[491] Fix | Delete
* @return bool|array
[492] Fix | Delete
*/
[493] Fix | Delete
public function get_session_cookie() {
[494] Fix | Delete
$cookie_value = isset( $_COOKIE[ $this->_cookie ] ) ? wc_clean( wp_unslash( (string) $_COOKIE[ $this->_cookie ] ) ) : '';
[495] Fix | Delete
[496] Fix | Delete
if ( empty( $cookie_value ) ) {
[497] Fix | Delete
return false;
[498] Fix | Delete
}
[499] Fix | Delete
12
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function