NEW Add cache-based session handler implementation

The intention is to use in-memory cache adapters such as Redis and
Memcached - though theoretically any PSR16 adapter would work.

Author: GuySartorelli

_config/session.yml

@@ -0,0 +1,26 @@
+---
+Name: session-handlers
+---
+SilverStripe\Core\Injector\Injector:
+  SilverStripe\Control\SessionHandler\CacheSessionHandler:
+    constructor:
+      cacheAdapter: '%$Psr\SimpleCache\CacheInterface.session-handler'
+
+  SilverStripe\Core\Cache\RedisCacheFactory:
+    constructor:
+      logger: '%$Psr\Log\LoggerInterface'
+
+  SilverStripe\Core\Cache\MemcachedCacheFactory:
+    constructor:
+      logger: '%$Psr\Log\LoggerInterface'
+
+  Psr\SimpleCache\CacheInterface.session-handler:
+    factory: '`SS_SESSION_CACHE_FACTORY`'
+    constructor:
+      namespace: 'session-handler'
+      defaultLifetime: 0
+      useInjector: true
+      # Use of the DefaultCacheFactory shouldn't be encouraged, but
+      # is technically valid so we have to disable containers to avoid
+      # weird behaviour with versioned, etc.
+      disable-container: true

src/Control/SessionHandler/AbstractSessionHandler.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace SilverStripe\Control\SessionHandler;
+
+use SessionHandlerInterface;
+use SessionUpdateTimestampHandlerInterface;
+use SilverStripe\Control\Session;
+
+abstract class AbstractSessionHandler implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface
+{
+    /**
+     * Get the session lifetime in seconds.
+     * Returns the cookie lifetime if it's non-zero, otherwise returns the garbage collection lifetime.
+     */
+    protected function getLifetime(): int
+    {
+        $cookieLifetime = (int) Session::config()->get('timeout');
+        if ($cookieLifetime) {
+            return $cookieLifetime;
+        }
+        return (int) ini_get('session.gc_maxlifetime');
+    }
+}

src/Control/SessionHandler/CacheSessionHandler.php

@@ -0,0 +1,87 @@
+<?php
+
+namespace SilverStripe\Control\SessionHandler;
+
+use SensitiveParameter;
+use Psr\SimpleCache\CacheInterface;
+
+/**
+ * Session save handler that stores session data in an in a PSR-16 cache adapter.
+ */
+class CacheSessionHandler extends AbstractSessionHandler
+{
+    private CacheInterface $cacheHandler;
+
+    public function __construct(CacheInterface $cacheHandler)
+    {
+        $this->cacheHandler = $cacheHandler;
+    }
+
+    public function open(string $path, string $name): bool
+    {
+        // No action is required to open the session.
+        return true;
+    }
+
+    public function close(): bool
+    {
+        // No action is required to close the session.
+        return true;
+    }
+
+    /**
+     * @inheritDoc
+     * Clears the cache entry that represents this session ID.
+     */
+    public function destroy(#[SensitiveParameter] string $id): bool
+    {
+        return $this->cacheHandler->delete($id);
+    }
+
+    /**
+     * @inheritDoc
+     * Clears all session cache which have a last modified datetime older than the session max lifetime.
+     */
+    public function gc(int $max_lifetime): int|false
+    {
+        // No action required - the cache adapter handles GC itself.
+        return 0;
+    }
+
+    /**
+     * @inheritDoc
+     * Returns data of a pre-existing session, or an empty string for a new session.
+     */
+    public function read(#[SensitiveParameter] string $id): string|false
+    {
+        return $this->cacheHandler->get($id, '');
+    }
+
+    /**
+     * @inheritDoc
+     * Writes session data to a cache entry.
+     */
+    public function write(#[SensitiveParameter] string $id, string $data): bool
+    {
+        return $this->cacheHandler->set($id, $data, $this->getLifetime());
+    }
+
+    /**
+     * @inheritDoc
+     * A session ID is valid if an entry for that session ID already exists and has not expired.
+     */
+    public function validateId(#[SensitiveParameter] string $id): bool
+    {
+        return $this->cacheHandler->has($id);
+    }
+
+    /**
+     * @inheritDoc
+     * Called instead of write if session.lazy_write is enabled and no data has changed for this session.
+     */
+    public function updateTimestamp(#[SensitiveParameter] string $id, string $data): bool
+    {
+        // The cache interface doesn't let us just update TTL, so we have to set the data at the same time.
+        return $this->write($id, $data);
+    }
+}

src/Control/SessionHandler/FileSessionHandler.php

@@ -7,9 +7,6 @@
 use Psr\Log\LoggerInterface;
 use RuntimeException;
 use SensitiveParameter;
-use SessionHandlerInterface;
-use SessionUpdateTimestampHandlerInterface;
-use SilverStripe\Control\Session;
 use SilverStripe\Core\Injector\Injector;
 use SilverStripe\Core\Path;
 use SilverStripe\ORM\FieldType\DBDatetime;
@@ -23,7 +20,7 @@
  * Similar to PHP's default filesystem session handler, except it doesn't lock the session file meaning
  * sessions are non-blocking.
  */
-class FileSessionHandler implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface
+class FileSessionHandler extends AbstractSessionHandler
 {
     public const string SESSION_FILE_PREFIX = 'sess_';
 
@@ -329,18 +326,6 @@ private function isSessionExpired(#[SensitiveParameter] string $path): bool
         return $mTime < (DBDatetime::now()->getTimestamp() - $maxLifeInSeconds);
     }
 
-    /**
-     * Returns the cookie lifetime if it's non-zero, otherwise returns the garbage collection lifetime.
-     */
-    private function getLifetime(): int
-    {
-        $cookieLifetime = (int) Session::config()->get('lifetime');
-        if ($cookieLifetime) {
-            return $cookieLifetime;
-        }
-        return (int) ini_get('session.gc_maxlifetime');
-    }
-
     private function logError(string $message): void
     {
         Injector::inst()->get(LoggerInterface::class)->error($message);

tests/php/Control/SessionHandler/CacheSessionHandlerTest.php

@@ -0,0 +1,142 @@
+<?php
+
+namespace SilverStripe\Control\Tests\SessionHandler;
+
+use PHPUnit\Framework\Attributes\DataProvider;
+use ReflectionProperty;
+use SilverStripe\Control\SessionHandler\CacheSessionHandler;
+use SilverStripe\Dev\SapphireTest;
+use Symfony\Component\Cache\Adapter\ArrayAdapter;
+use Symfony\Component\Cache\Psr16Cache;
+
+class CacheSessionHandlerTest extends SapphireTest
+{
+    protected $usesDatabase = false;
+
+    public static function provideRead(): array
+    {
+        return [
+            [
+                'sessionID' => 'existing-session',
+                'expected' => 'some-data',
+            ],
+            [
+                'sessionID' => 'new-session',
+                'expected' => '',
+            ],
+        ];
+    }
+
+    #[DataProvider('provideRead')]
+    public function testRead(string $sessionID, string $expected): void
+    {
+        $cacheAdapter = new Psr16Cache(new ArrayAdapter());
+        $handler = new CacheSessionHandler($cacheAdapter);
+        $cacheAdapter->set('existing-session', 'some-data');
+        $this->assertSame($expected, $handler->read($sessionID));
+    }
+
+    public function testReadExpired(): void
+    {
+        $cacheAdapter = new Psr16Cache(new ArrayAdapter());
+        $handler = new CacheSessionHandler($cacheAdapter);
+        $cacheAdapter->set('existing-session', 'some-data', -1);
+        $this->assertSame('', $handler->read('existing-session'));
+    }
+
+    public static function provideWrite(): array
+    {
+        return [
+            [
+                'sessionID' => 'existing-session',
+            ],
+            [
+                'sessionID' => 'new-session',
+            ],
+        ];
+    }
+
+    #[DataProvider('provideWrite')]
+    public function testWrite(string $sessionID): void
+    {
+        $cacheAdapter = new Psr16Cache(new ArrayAdapter());
+        $handler = new CacheSessionHandler($cacheAdapter);
+        $cacheAdapter->set('existing-session', 'some-data');
+        $handler->write($sessionID, 'updated-data');
+        $this->assertSame('updated-data', $cacheAdapter->get($sessionID));
+    }
+
+    public static function provideDestroy(): array
+    {
+        return [
+            [
+                'sessionID' => 'existing-session',
+            ],
+            [
+                'sessionID' => 'new-session',
+            ],
+        ];
+    }
+
+    #[DataProvider('provideDestroy')]
+    public function testDestroy(string $sessionID): void
+    {
+        $cacheAdapter = new Psr16Cache(new ArrayAdapter());
+        $handler = new CacheSessionHandler($cacheAdapter);
+        $cacheAdapter->set('existing-session', 'some-data');
+        $this->assertTrue($handler->destroy($sessionID));
+        $this->assertNull($cacheAdapter->get($sessionID));
+    }
+
+    public static function provideValidateId(): array
+    {
+        return [
+            'new session (no file) is invalid' => [
+                'sessionID' => 'new-session',
+                'isExpired' => false,
+                'expected' => false,
+            ],
+            'existing session is valid' => [
+                'sessionID' => 'existing-session',
+                'isExpired' => false,
+                'expected' => true,
+            ],
+            'expired existing session is invalid' => [
+                'sessionID' => 'existing-session',
+                'isExpired' => true,
+                'expected' => false,
+            ],
+        ];
+    }
+
+    #[DataProvider('provideValidateId')]
+    public function testValidateId(string $sessionID, bool $isExpired, bool $expected): void
+    {
+        $cacheAdapter = new Psr16Cache(new ArrayAdapter());
+        $handler = new CacheSessionHandler($cacheAdapter);
+        $cacheAdapter->set('existing-session', 'some-data', $isExpired ? -1 : 60);
+        $this->assertSame($expected, $handler->validateId($sessionID));
+    }
+
+    public function testUpdateTimestamp(): void
+    {
+        $arrayAdapter = new ArrayAdapter();
+        $cacheAdapter = new Psr16Cache($arrayAdapter);
+        $handler = new CacheSessionHandler($cacheAdapter);
+        $cacheAdapter->set('existing-session', 'some-data', 999999999);
+
+        $this->assertTrue($handler->updateTimestamp('existing-session', 'new content'));
+        $this->assertTrue($cacheAdapter->has('existing-session'));
+        $reflectionExpiries = new ReflectionProperty($arrayAdapter, 'expiries');
+        $reflectionExpiries->setAccessible(true);
+        $expiry = $reflectionExpiries->getValue($arrayAdapter)['existing-session'];
+
+        // 999999 is way more than the number of seconds the session should live for
+        // so calling updateTimestamp should set it to less than that but more than right now
+        // We can't do an exact time check because that would obviously introduce timing issues
+        // and Symfony's cache stuff doesn't use our internal DateTime so we can't set a mock now.
+        $this->assertLessThan(microtime(true) + 999999, $expiry);
+        $this->assertGreaterThan(microtime(true), $expiry);
+        $this->assertSame('new content', $cacheAdapter->get('existing-session'));
+    }
+}

tests/php/Control/SessionHandler/FileSessionHandlerTest.php

@@ -481,7 +481,7 @@ public function testGc(int $gcLifetime, int $configLifetime, array $sessionFiles
         $handler->open($baseDir, 'PHPSESSID');
 
         ini_set('session.gc_maxlifetime', $gcLifetime);
-        Session::config()->set('lifetime', $configLifetime);
+        Session::config()->set('timeout', $configLifetime);
 
         try {
             $this->withSessionExpiry($nonSessionFilePath, function () use ($sessionFilesLifetimeMap, $handler, $nonSessionFilePath, $expectDeleted) {

tests/php/ORM/DataListTest.php

@@ -865,9 +865,7 @@ public static function provideDefaultSort(): array
         ];
     }
 
-    /**
-     * @dataProvider provideDefaultSort
-     */
+    #[DataProvider('provideDefaultSort')]
     public function testDefaultSort(string|array $defaultSort, array $expected): void
     {
         // Prepare fixtures - we need some comments to be identical for the "two items" scenarios