user_id, 'session_tokens', true ); if ( ! is_array( $sessions ) ) { return array(); } $sessions = array_map( array( $this, 'prepare_session' ), $sessions ); return array_filter( $sessions, array( $this, 'is_still_valid' ) ); } /** * Converts an expiration to an array of session information. * * @param mixed $session Session or expiration. * @return array Session. */ protected function prepare_session( $session ) { if ( is_int( $session ) ) { return array( 'expiration' => $session ); } return $session; } /** * Retrieve a session by its verifier (token hash). * * @since 4.0.0 * @access protected * * @param string $verifier Verifier of the session to retrieve. * @return array|null The session, or null if it does not exist */ protected function get_session( $verifier ) { $sessions = $this->get_sessions(); if ( isset( $sessions[ $verifier ] ) ) { return $sessions[ $verifier ]; } return null; } /** * Update a session by its verifier. * * @since 4.0.0 * @access protected * * @param string $verifier Verifier of the session to update. * @param array $session Optional. Session. Omitting this argument destroys the session. */ protected function update_session( $verifier, $session = null ) { $sessions = $this->get_sessions(); if ( $session ) { $sessions[ $verifier ] = $session; } else { unset( $sessions[ $verifier ] ); } $this->update_sessions( $sessions ); } /** * Update a user's sessions in the usermeta table. * * @since 4.0.0 * @access protected * * @param array $sessions Sessions. */ protected function update_sessions( $sessions ) { if ( $sessions ) { update_user_meta( $this->user_id, 'session_tokens', $sessions ); } else { delete_user_meta( $this->user_id, 'session_tokens' ); } } /** * Destroy all session tokens for a user, except a single session passed. * * @since 4.0.0 * @access protected * * @param string $verifier Verifier of the session to keep. */ protected function destroy_other_sessions( $verifier ) { $session = $this->get_session( $verifier ); $this->update_sessions( array( $verifier => $session ) ); } /** * Destroy all session tokens for a user. * * @since 4.0.0 * @access protected */ protected function destroy_all_sessions() { $this->update_sessions( array() ); } /** * Destroy all session tokens for all users. * * @since 4.0.0 * @access public * @static */ public static function drop_sessions() { delete_metadata( 'user', 0, 'session_tokens', false, true ); } }