Manual:Hooks/SessionMetadata

Details

 * Parameters
 * : being saved.
 * : Array of metadata to be stored. Add new keys here. Must be serializable.
 * : Array of potentially being saved to. Generally 0-1 real request and 0+.


 * What is allowed:
 * adding extra metadata to the session is allowed


 * What is not allowed
 * changing existing keys is not allowed

The metadata can be used to invalidate the session via the hook (e.g. to tie sessions to IPs, one could add the IP address in SessionMetadata and check it against the actual IP address of the request in SessionCheckInfo).

A adding metadata for its own session does not need this hook; it should instead pass the metadata to the SessionInfo constructor, or call , or use its   or   methods (which will be called on every request) to update existing metadata.

The default keys in  are:
 * (string) - the classname of the SessionProvider
 * (array|null) - metadata from the provider
 * (int)
 * (string)
 * (string)
 * (bool) - "remember me" flag for this session
 * (bool) - whether the user should be forced to use HTTPS.
 * note there is also a global configuration called Manual:$wgForceHTTPS
 * (int) - time of expiry as a Unix timestamp
 * (int|null) - Unix timestamp of when the user logged out (for a session that's anonymous but was logged-in earlier)
 * (bool) - whether the session is persisted (ie. the next request from the client will be recognized as belonging to the same session). Typically this means whether the session cookie has been set (or at least added to the current response).

Troubleshooting
If you get one of these exceptions thrown from the class :

UnexpectedValueException: SessionMetadata hook changed metadata key "provider" UnexpectedValueException: SessionMetadata hook changed metadata key "providerMetadata" UnexpectedValueException: SessionMetadata hook changed metadata key "userId" UnexpectedValueException: SessionMetadata hook changed metadata key "userName" UnexpectedValueException: SessionMetadata hook changed metadata key "userToken" UnexpectedValueException: SessionMetadata hook changed metadata key "remember" UnexpectedValueException: SessionMetadata hook changed metadata key "forceHTTPS" UnexpectedValueException: SessionMetadata hook changed metadata key "expires" UnexpectedValueException: SessionMetadata hook changed metadata key "loggedOut" UnexpectedValueException: SessionMetadata hook changed metadata key "persisted"

It means these metadata were changed in the hook and they shouldn't.

To change already-existing keys, use dedicated methods instead. Look at the class.