From c7077a8813a95d602c1cbab0f95c8ac7e864f45f Mon Sep 17 00:00:00 2001
From: Ben Roberts <ben@sihnon.net>
Date: Sat, 31 Dec 2011 01:16:22 +0000
Subject: [PATCH] Add options for customising Session parameters

---
 source/lib/SihnonFramework/Session.class.php | 27 +++++++++++++++++---
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/source/lib/SihnonFramework/Session.class.php b/source/lib/SihnonFramework/Session.class.php
index a75587d..b6b3ccb 100644
--- a/source/lib/SihnonFramework/Session.class.php
+++ b/source/lib/SihnonFramework/Session.class.php
@@ -4,13 +4,19 @@ class SihnonFramework_Session {
     
     protected $config;
     
+    protected $enabled;
     protected $state;
     protected $dirty;
     
     public function __construct(Sihnon_Config $config) {
         $this->config = $config;
+        $this->enabled = false;
         $this->dirty = false;
         
+        if ($this->config->exists('sessions') && $this->config->get('sessions')) {
+            $this->enabled = true;
+        }
+        
         $this->init();
     }
     
@@ -19,12 +25,23 @@ class SihnonFramework_Session {
     }
     
     protected function init() {
-        session_start();
-        $this->state = $_SESSION;
+        if ($this->enabled) {
+            session_start();
+            $this->state = $_SESSION;
+            
+            // Override the session parameters if configured
+            $params = session_get_cookie_params();
+            $lifetime = $this->config->exists('sessions.lifetime')  ? $this->config->get('sessions.lifetime')  : $params['lifetime'];
+            $path     = $this->config->exists('sessions.path')      ? $this->config->get('sessions.path')      : $params['path'];
+            $domain   = $this->config->exists('sessions.domain')    ? $this->config->get('sessions.domain')    : $params['domain'];
+            $secure   = $this->config->exists('sessions.secure')    ? $this->config->get('sessions.secure')    : $params['secure'];
+            $httponly = $this->config->exists('sessions.http-only') ? $this->config->get('sessions.http-only') : $params['httponly'];
+            session_set_cookie_params($lifetime, $path, $domain, $secure, $httponly);
+        }
     }
     
     protected function teardown() {
-        if ($this->dirty) {
+        if ($this->enabled && $this->dirty) {
             $_SESSION = $this->state;
             session_write_close();
         }
@@ -53,7 +70,9 @@ class SihnonFramework_Session {
     }
     
     public function securityLeveLChanged() {
-        session_regenerate_id(true);
+        if ($this->enabled) {
+            session_regenerate_id(true);
+        }
     }
     
 }