Feature Request #2312

Optional third parameter for Session::get() to set the session key with default value

Added by Neutral Person over 2 years ago. Updated 4 months ago.

Status:Closed Start date:11/04/2009
Priority:Normal Due date:
Assignee:Woody Gilk % Done:

0%
Category:Core
Target version:-
Resolution:wontfix Points:

Description

In some situations I'd like it if the Session::get() method, when returning the default value, would also set the session key with that default value. Example implementation:

    /**
     * Get a variable from the session array.
     *
     * @param   string   variable name
     * @param   mixed    default value to return
     * @param   boolean  set key with default value
     * @return  mixed
     */
    public function get($key, $default = NULL, $set = FALSE)
    {
        return array_key_exists($key, $this->_data) ? $this->_data[$key] : $set ? $this->set($key, $default)->get($key) : $default;
    }

One example of where I'd use this is with this CSRF module:

http://dev.kohanaphp.com/projects/csrf

Before I use that module I'd prefer to tidy the code up a bit and with the above change to Session::get(), I'd be able to do this:

    public static function check()
    {
        CSRF::$token_name  = Session::instance()->get('csrf_token_name', 'csrf_'.Text::random('alnum', 5), TRUE);
        CSRF::$token_value = Session::instance()->get('csrf_token_value', Text::random('alnum', 32), TRUE);

        return (empty($_POST) OR ($_POST AND ! empty($_POST[CSRF::$token_name] AND $_POST[CSRF::$token_name] === CSRF::$token_value));
    }

Instead of this:

    public static function check()
    {
        CSRF::$token_name  = Session::instance()->get('csrf_token_name');
        CSRF::$token_value = Session::instance()->get('csrf_token_value');

        if ((CSRF::$token_name === NULL) OR (CSRF::$token_value === NULL))
        {
            CSRF::$token_name  = 'csrf_'.Text::random('alnum', 5);
            CSRF::$token_value = Text::random('alnum', 32);

            Session::instance()->set('csrf_token_name', CSRF::$token_name);
            Session::instance()->set('csrf_token_value', CSRF::$token_value);
        }

        if ($_POST)
            if (( ! isset($_POST[CSRF::$token_name]) ) OR ($_POST[CSRF::$token_name] !== CSRF::$token_value))
                return FALSE;

        return TRUE;
    }

History

#1
Updated by Woody Gilk over 2 years ago

  • Category set to Core
  • Status changed from New to Feedback
  • Target version set to v3.1.0

#2
Updated by Neutral Person over 2 years ago

Just a note to say that my example implementation code doesn't behave correctly so you'll need to do it different, but yeah, it at least shows what I mean.

#3
Updated by Jeremy Bush over 1 year ago

  • Target version changed from v3.1.0 to v3.2.0

#4
Updated by Jeremy Bush 12 months ago

  • Target version changed from v3.2.0 to v3.3.0

I'm not sure I like this change. Why would get() do assignment? That makes no sense.

#5
Updated by Jeremy Bush 5 months ago

  • Target version changed from v3.3.0 to Unscheduled

#6
Updated by Woody Gilk 4 months ago

  • Status changed from Feedback to Closed
  • Assignee set to Woody Gilk
  • Target version deleted (Unscheduled)
  • Resolution set to wontfix

This would be confusing behavior; and I don't see a good use case for this.

Also available in: Atom PDF