Manual:SessionManager and AuthManager/SessionProvider examples
From mediawiki.org
Use cookies set by some external authentication system
[edit ]<?php use MediaWiki\Request\WebRequest; use MediaWiki\Session\ImmutableSessionProviderWithCookie; use MediaWiki\Session\UserInfo; use MediaWiki\Session\SessionInfo; class MySessionProvider extends ImmutableSessionProviderWithCookie { public function provideSessionInfo( WebRequest $request ) { $data = $request->getCookie( 'someCookie' ); // the following assumes that: // - getLoggedInStatusFromCookieSomehow() // - getUsernameFromCookieSomehow() // are defined somewhere as instance methods to the class $isLoggedIn = $this->getLoggedInStatusFromCookieSomehow( $data ); $username = $this->getUsernameFromCookieSomehow( $data ); // assumed to be safe against tampering if ( !$isLoggedIn ) { return null; } // Beware of mismatches in allowed characters or semantics in the username. // For example, MediaWiki ignores the case of only the first letter, while // the external system may be fully case-sensitive or case-insensitive. // See T165795 for an example of such a bug. $userInfo = UserInfo::newFromName( $username, true ); $id = null; $persisted = null; $forceUse = null; if ( $this->sessionCookieName === null ) { $id = $this->hashToSessionId( $username ); $persisted = false; $forceUse = true; } else { $id = $this->getSessionIdFromCookie( $request ); $persisted = $id !== null; $forceUse = false; } return new SessionInfo( SessionInfo::MAX_PRIORITY, [ 'provider' => $this, 'id' => $id, 'userInfo' => $userInfo, 'persisted' => $persisted, 'forceUse' => $forceUse, ] ); } }