3 * Session API: WP_User_Meta_Session_Tokens class
11 * Meta-based user sessions token manager.
15 class WP_User_Meta_Session_Tokens extends WP_Session_Tokens {
18 * Get all sessions of a user.
23 * @return array Sessions of a user.
25 protected function get_sessions() {
26 $sessions = get_user_meta( $this->user_id, 'session_tokens', true );
28 if ( ! is_array( $sessions ) ) {
32 $sessions = array_map( array( $this, 'prepare_session' ), $sessions );
33 return array_filter( $sessions, array( $this, 'is_still_valid' ) );
37 * Converts an expiration to an array of session information.
39 * @param mixed $session Session or expiration.
40 * @return array Session.
42 protected function prepare_session( $session ) {
43 if ( is_int( $session ) ) {
44 return array( 'expiration' => $session );
51 * Retrieve a session by its verifier (token hash).
56 * @param string $verifier Verifier of the session to retrieve.
57 * @return array|null The session, or null if it does not exist
59 protected function get_session( $verifier ) {
60 $sessions = $this->get_sessions();
62 if ( isset( $sessions[ $verifier ] ) ) {
63 return $sessions[ $verifier ];
70 * Update a session by its verifier.
75 * @param string $verifier Verifier of the session to update.
76 * @param array $session Optional. Session. Omitting this argument destroys the session.
78 protected function update_session( $verifier, $session = null ) {
79 $sessions = $this->get_sessions();
82 $sessions[ $verifier ] = $session;
84 unset( $sessions[ $verifier ] );
87 $this->update_sessions( $sessions );
91 * Update a user's sessions in the usermeta table.
96 * @param array $sessions Sessions.
98 protected function update_sessions( $sessions ) {
100 update_user_meta( $this->user_id, 'session_tokens', $sessions );
102 delete_user_meta( $this->user_id, 'session_tokens' );
107 * Destroy all session tokens for a user, except a single session passed.
112 * @param string $verifier Verifier of the session to keep.
114 protected function destroy_other_sessions( $verifier ) {
115 $session = $this->get_session( $verifier );
116 $this->update_sessions( array( $verifier => $session ) );
120 * Destroy all session tokens for a user.
125 protected function destroy_all_sessions() {
126 $this->update_sessions( array() );
130 * Destroy all session tokens for all users.
136 public static function drop_sessions() {
137 delete_metadata( 'user', 0, 'session_tokens', false, true );