Fix issues with extending modSessionHandler and flushing all sessions

core/src/Revolution/Processors/Security/Flush.php

@@ -19,32 +19,29 @@
  */
 class Flush extends Processor
 {
+    /**
+     * @return array
+     */
+    public function getLanguageTopics()
+    {
+        return ['topmenu'];
+    }
+
     public function checkPermissions()
     {
         return $this->modx->hasPermission('flush_sessions');
     }
 
     public function process()
     {
-        if ($this->modx->getOption('session_handler_class',null,modSessionHandler::class) === modSessionHandler::class) {
-            if (!$this->flushSessions()) {
-                return $this->failure($this->modx->lexicon('flush_sessions_err'));
-            }
-        } else {
+        $sessionHandler = $this->modx->services->get('session_handler');
+        if (!method_exists($sessionHandler, 'flushSessions')) {
             return $this->failure($this->modx->lexicon('flush_sessions_not_supported'));
         }
-        return $this->success();
-    }
-
-    public function flushSessions()
-    {
-        $flushed = true;
-        $sessionTable = $this->modx->getTableName(modSession::class);
-        if ($this->modx->query("TRUNCATE TABLE {$sessionTable}") == false) {
-            $flushed = false;
-        } else {
-            $this->modx->user->endSession();
+        $flushed = call_user_func_array([$sessionHandler, 'flushSessions'], [&$this->modx]);
+        if (!$flushed) {
+            return $this->failure($this->modx->lexicon('flush_sessions_err'));
         }
-        return $flushed;
+        return $this->success();
     }
 }

core/src/Revolution/modSessionHandler.php

@@ -16,7 +16,7 @@
  *
  * @package MODX\Revolution
  */
-class modSessionHandler
+class modSessionHandler implements \SessionHandlerInterface
 {
     /**
      * @var modX A reference to the modX instance controlling this session
@@ -42,7 +42,7 @@ class modSessionHandler
      *
      * @param modX &$modx A reference to a {@link modX} instance.
      */
-    function __construct(modX &$modx)
+    public function __construct(modX &$modx)
     {
         $this->modx = &$modx;
         $gcMaxlifetime = (integer)$this->modx->getOption('session_gc_maxlifetime');
@@ -68,7 +68,7 @@ function __construct(modX &$modx)
      * @return boolean Always returns true; actual connection is managed by
      * {@link modX}.
      */
-    public function open()
+    public function open($path, $name)
     {
         return true;
     }
@@ -166,6 +166,23 @@ public function gc($max)
         return $this->modx->removeCollection(modSession::class, ["{$this->modx->escape('access')} < {$maxtime}"]);
     }
 
+    /**
+     * Removes all sessions, logging out all users.
+     *
+     * @param modX $modx
+     * @return boolean
+     */
+    public static function flushSessions(modX $modx)
+    {
+        $sessionTable = $modx->getTableName(modSession::class);
+        if ($modx->query("TRUNCATE TABLE {$sessionTable}") == false) {
+            return false;
+        }
+
+        $modx->user->endSession();
+        return true;
+    }
+
     /**
      * Gets the {@link modSession} object, respecting the cache flag represented by cacheLifetime.
      *

core/src/Revolution/modX.php

@@ -2740,25 +2740,15 @@ protected function _initSession($options = null) {
         $contextKey= $this->context instanceof modContext ? $this->context->get('key') : null;
         if ($this->getOption('session_enabled', $options, true) || isset($_GET['preview'])) {
             if (!in_array($this->getSessionState(), [modX::SESSION_STATE_INITIALIZED, modX::SESSION_STATE_EXTERNAL, modX::SESSION_STATE_UNAVAILABLE], true)) {
-                $sh = false;
-                if ($sessionHandlerClass = $this->getOption('session_handler_class', $options)) {
-                    if ($shClass = $this->loadClass($sessionHandlerClass, '', false, true)) {
-                        if ($sh = new $shClass($this)) {
-                            session_set_save_handler(
-                                [& $sh, 'open'],
-                                [& $sh, 'close'],
-                                [& $sh, 'read'],
-                                [& $sh, 'write'],
-                                [& $sh, 'destroy'],
-                                [& $sh, 'gc']
-                            );
-                        }
+                $sessionHandlerClass = $this->getOption('session_handler_class', $options);
+                if (is_string($sessionHandlerClass) && !empty($sessionHandlerClass) && class_exists($sessionHandlerClass)) {
+                    $sh = new $sessionHandlerClass($this);
+                    if ($sh instanceof \SessionHandlerInterface) {
+                        $this->services->add('session_handler', $sh);
+                        session_set_save_handler($sh);
                     }
                 }
-                if (
-                    (is_string($sessionHandlerClass) && !$sh instanceof $sessionHandlerClass) ||
-                    !is_string($sessionHandlerClass)
-                ) {
+                if (!$this->services->has('session_handler')) {
                     $sessionSavePath = $this->getOption('session_save_path', $options);
                     if ($sessionSavePath && is_writable($sessionSavePath)) {
                         session_save_path($sessionSavePath);