more refactoring on the framework.

application/config/session.php

@@ -16,7 +16,7 @@ return array(
 	|
 	*/
 
-	'driver' => '',
+	'driver' => 'file',
 
 	/*
 	|--------------------------------------------------------------------------
@@ -75,30 +75,4 @@ return array(
 
 	'domain' => null,
 
-	/*
-	|--------------------------------------------------------------------------
-	| Session Cookie HTTPS
-	|--------------------------------------------------------------------------
-	|
-	| Determines if the session cookie should only be transported over HTTPS.
-	|
-	*/
-
-	'https' => false,
-
-	/*
-	|--------------------------------------------------------------------------
-	| HTTP Only Session Cookie
-	|--------------------------------------------------------------------------
-	|
-	| Determines if the session cookie should only be accessible over HTTP.
-	|
-	| Note: The intention of the "HTTP Only" option is to keep cookies from
-	|       being accessed by client-side scripting languages. However, this
-	|       setting should not be viewed as providing total XSS protection.
-	|
-	*/
-
-	'http_only' => false,
-
 );

laravel/cache/apc.php → laravel/cache/drivers/apc.php

@@ -1,4 +1,4 @@
-<?php namespace Laravel\Cache;
+<?php namespace Laravel\Cache\Drivers;
 
 use Laravel\Proxy;
 
@@ -50,7 +50,7 @@ class APC extends Driver {
 	 */
 	protected function retrieve($key)
 	{
-		return ( ! is_null($cache = $this->proxy->apc_fetch($this->key.$key))) ? $cache : null;
+		if ( ! is_null($cache = $this->proxy->apc_fetch($this->key.$key))) return $cache;
 	}
 
 	/**

laravel/cache/driver.php → laravel/cache/drivers/driver.php

@@ -1,4 +1,4 @@
-<?php namespace Laravel\Cache;
+<?php namespace Laravel\Cache\Drivers;
 
 use Closure;
 
@@ -18,14 +18,6 @@ abstract class Driver {
 	 * A default value may also be specified, and will be returned in the requested
 	 * item does not exist in the cache.
 	 *
-	 * <code>
-	 *		// Retrieve an item from the cache
-	 *		$name = Cache::get('name');
-	 *
-	 *		// Retrieve an item from the cache and return a default value if it doesn't exist
-	 *		$name = Cache::get('name', 'Fred');
-	 * </code>
-	 *
 	 * @param  string  $key
 	 * @param  mixed   $default
 	 * @param  string  $driver
@@ -49,11 +41,6 @@ abstract class Driver {
 	/**
 	 * Write an item to the cache for a given number of minutes.
 	 *
-	 * <code>
-	 *		// Store an item in the cache for 5 minutes
-	 *		Cache::put('name', 'Fred', 5);
-	 * </code>
-	 *
 	 * @param  string  $key
 	 * @param  mixed   $value
 	 * @param  int     $minutes
@@ -65,14 +52,6 @@ abstract class Driver {
 	 * Get an item from the cache. If the item doesn't exist in the cache, store
 	 * the default value in the cache and return it.
 	 *
-	 * <code>
-	 *		// Get an item from the cache and store the default value if it doesn't exist
-	 *		Cache::remember('name', 'Fred', 5);
-	 *
-	 *		// Closures may also be used to defer retrieval of the default value
-	 *		Cache::remember('users', function() {return DB::table('users')->get();}, 5);
-	 * </code>
-	 *
 	 * @param  string  $key
 	 * @param  mixed   $default
 	 * @param  int     $minutes

laravel/cache/file.php → laravel/cache/drivers/file.php

@@ -1,4 +1,4 @@
-<?php namespace Laravel\Cache;
+<?php namespace Laravel\Cache\Drivers;
 
 class File extends Driver {
 

laravel/cache/memcached.php → laravel/cache/drivers/memcached.php

@@ -1,5 +1,6 @@
-<?php namespace Laravel\Cache;
+<?php namespace Laravel\Cache\Drivers;
 
+use Memcache;
 use Laravel\Config;
 
 class Memcached extends Driver {
@@ -24,7 +25,7 @@ class Memcached extends Driver {
 	 * @param  Memcache  $memcache
 	 * @return void
 	 */
-	public function __construct(\Memcache $memcache, $key)
+	public function __construct(Memcache $memcache, $key)
 	{
 		$this->key = $key;
 		$this->memcache = $memcache;
@@ -49,7 +50,7 @@ class Memcached extends Driver {
 	 */
 	protected function retrieve($key)
 	{
-		return (($cache = $this->memcache->get($this->key.$key)) !== false) ? $cache : null;
+		if (($cache = $this->memcache->get($this->key.$key)) !== false) return $cache;
 	}
 
 	/**

laravel/config/container.php

@@ -225,7 +225,7 @@ return array(
 
 		$config = $container->resolve('laravel.config')->get('session');
 
-		return new Session\Cookie(Security\Crypter::make(), $cookies, $config);
+		return new Session\Drivers\Cookie(Security\Crypter::make(), $cookies);
 	}),
 
 	/*
@@ -238,7 +238,7 @@ return array(
 	{
 		$table = $container->resolve('laravel.config')->get('session.table');
 
-		return new Session\Database($container->resolve('laravel.database.manager')->connection(), $table);
+		return new Session\Drivers\Database($container->resolve('laravel.database.manager')->connection());
 	}),
 
 	/*
@@ -260,13 +260,13 @@ return array(
 
 	'laravel.cache.file' => array('resolver' => function($container)
 	{
-		return new Cache\File($container->resolve('laravel.file'), CACHE_PATH);
+		return new Cache\Drivers\File($container->resolve('laravel.file'), CACHE_PATH);
 	}),
 
 
 	'laravel.session.file' => array('resolver' => function($container)
 	{
-		return new Session\File($container->resolve('laravel.file'), SESSION_PATH);
+		return new Session\Drivers\File($container->resolve('laravel.file'), SESSION_PATH);
 	}),
 
 	/*
@@ -277,7 +277,13 @@ return array(
 
 	'laravel.cache.apc' => array('resolver' => function($container)
 	{
-		return new Cache\APC(new Proxy, $container->resolve('laravel.config')->get('cache.key'));
+		return new Cache\Drivers\APC(new Proxy, $container->resolve('laravel.config')->get('cache.key'));
+	}),
+
+
+	'laravel.session.id' => array('singleton' => true, 'resolver' => function($container)
+	{
+		return $container->resolve('laravel.cookie')->get('laravel_session');
 	}),
 
 
@@ -285,7 +291,7 @@ return array(
 	{
 		$lifetime = $container->resolve('laravel.config')->get('session.lifetime');
 
-		return new Session\APC($container->resolve('laravel.cache.apc'), $lifetime);
+		return new Session\Drivers\APC($container->resolve('laravel.cache.apc'));
 	}),
 
 	/*
@@ -300,7 +306,7 @@ return array(
 
 		$key = $container->resolve('laravel.config')->get('cache.key');
 
-		return new Cache\Memcached($connection, $key);
+		return new Cache\Drivers\Memcached($connection, $key);
 	}),
 
 
@@ -308,7 +314,7 @@ return array(
 	{
 		$lifetime = $container->resolve('laravel.config')->get('session.lifetime');
 
-		return new Session\Memcached($container->resolve('laravel.cache.memcached'), $lifetime);
+		return new Session\Drivers\Memcached($container->resolve('laravel.cache.memcached'));
 	}),
 
 

laravel/laravel.php

@@ -49,9 +49,9 @@ date_default_timezone_set($config->get('application.timezone'));
 // --------------------------------------------------------------
 if ($config->get('session.driver') !== '')
 {
-	$cookie = $container->resolve('laravel.input')->cookies->get('laravel_session');
+	$id = $container->resolve('laravel.session.id');
 
-	$container->resolve('laravel.session')->start($cookie, $config->get('session'));
+	$container->resolve('laravel.session')->start($container->resolve('laravel.config'), $id);
 }
 
 // --------------------------------------------------------------

laravel/session/apc.php → laravel/session/drivers/apc.php

@@ -1,32 +1,23 @@
-<?php namespace Laravel\Session;
+<?php namespace Laravel\Session\Drivers;
 
 class APC extends Driver {
 
 	/**
 	 * The APC cache driver instance.
 	 *
-	 * @var Cache\APC
+	 * @var Cache\Drivers\APC
 	 */
-	private $apc;
-
-	/**
-	 * The session lifetime.
-	 *
-	 * @var int
-	 */
-	private $lifetime;
+	protected $apc;
 
 	/**
 	 * Create a new APC session driver instance.
 	 *
-	 * @param  Cache\APC  $apc
-	 * @param  int        $lifetime
+	 * @param  Cache\Drivers\APC  $apc
 	 * @return void
 	 */
-	public function __construct(\Laravel\Cache\APC $apc, $lifetime)
+	public function __construct(\Laravel\Cache\Drivers\APC $apc)
 	{
 		$this->apc = $apc;
-		$this->lifetime = $lifetime;
 	}
 
 	/**
@@ -47,7 +38,7 @@ class APC extends Driver {
 	 */
 	protected function save()
 	{
-		$this->apc->put($this->session['id'], $this->session, $this->lifetime);
+		$this->apc->put($this->session['id'], $this->session, $this->config->get('session.lifetime'));
 	}
 
 	/**

laravel/session/cookie.php → laravel/session/drivers/cookie.php

@@ -1,42 +1,33 @@
-<?php namespace Laravel\Session;
+<?php namespace Laravel\Session\Drivers;
 
 use Laravel\Security\Crypter;
 
 class Cookie extends Driver {
 
 	/**
-	 * The cookie engine instance.
+	 * The cookie manager instance.
 	 *
 	 * @var Cookie
 	 */
 	private $cookie;
 
 	/**
-	 * The Crypter instance.
+	 * The crypter instance.
 	 *
 	 * @var Crypter
 	 */
 	private $crypter;
 
-	/**
-	 * The session configuration array.
-	 *
-	 * @var array
-	 */
-	private $config;
-
 	/**
 	 * Create a new Cookie session driver instance.
 	 *
 	 * @param  Crypter         $crypter
 	 * @param  Laravel\Cookie  $cookie
-	 * @param  array           $config
 	 * @return void
 	 */
-	public function __construct(Crypter $crypter, \Laravel\Cookie $cookie, $config)
+	public function __construct(Crypter $crypter, \Laravel\Cookie $cookie)
 	{
 		$this->cookie = $cookie;
-		$this->config = $config;
 		$this->crypter = $crypter;
 	}
 
@@ -63,11 +54,13 @@ class Cookie extends Driver {
 	{
 		if ( ! headers_sent())
 		{
-			extract($this->config);
+			$config = $this->config->get('session');
+
+			extract($config);
 
 			$payload = $this->crypter->encrypt(serialize($this->session));
 
-			$this->cookie->put('session_payload', $payload, $lifetime, $path, $domain, $https, $http_only);
+			$this->cookie->put('session_payload', $payload, $lifetime, $path, $domain);
 		}
 	}
 

laravel/session/database.php → laravel/session/drivers/database.php

@@ -1,4 +1,4 @@
-<?php namespace Laravel\Session;
+<?php namespace Laravel\Session\Drivers;
 
 use Laravel\Database\Connection;
 
@@ -11,23 +11,14 @@ class Database extends Driver implements Sweeper {
 	 */
 	protected $connection;
 
-	/**
-	 * The database table to which the sessions should be written.
-	 *
-	 * @var string
-	 */
-	protected $table;
-
 	/**
 	 * Create a new database session driver.
 	 *
 	 * @param  Connection  $connection
-	 * @param  string      $table
 	 * @return void
 	 */
-	public function __construct(Connection $connection, $table)
+	public function __construct(Connection $connection)
 	{
-		$this->table = $table;
 		$this->connection = $connection;
 	}
 
@@ -95,7 +86,7 @@ class Database extends Driver implements Sweeper {
 	 */
 	protected function table()
 	{
-		return $this->connection->table($this->table);		
+		return $this->connection->table($this->config->get('session.table'));		
 	}
 	
 }

laravel/session/driver.php → laravel/session/drivers/driver.php

@@ -1,7 +1,9 @@
-<?php namespace Laravel\Session;
+<?php namespace Laravel\Session\Drivers;
 
+use Closure;
 use Laravel\Str;
 use Laravel\Input;
+use Laravel\Config;
 use Laravel\Cookie;
 
 abstract class Driver {
@@ -14,38 +16,54 @@ abstract class Driver {
 	public $session = array();
 
 	/**
-	 * The application session configuration.
+	 * The configuration manager instance.
 	 *
-	 * @var array
+	 * @var Config
 	 */
-	public $config = array();
+	protected $config;
 
 	/**
 	 * Load the session for a given session ID.
 	 *
-	 * The session will be checked for validity and necessary data. For example, if the session
-	 * does not have a CSRF token, a token will be generated for the session.
-	 *
 	 * If the session has expired, a new, empty session will be generated.
 	 *
+	 * @param  Config  $config
 	 * @param  string  $id
-	 * @param  array   $config
 	 * @return void
 	 */
-	public function start($id, $config)
+	public final function start(Config $config, $id)
 	{
 		$this->config = $config;
 
 		$this->session = ( ! is_null($id)) ? $this->load($id) : null;
 
-		if (is_null($this->session) or (time() - $this->session['last_activity']) > ($this->config['lifetime'] * 60))
+		// If the session is expired, a new session will be generated and all of the data from
+		// the previous session will be lost. The new session will be assigned a random, long
+		// string ID to uniquely identify it among the application's current users.
+		if (is_null($this->session) or $this->expired())
 		{
 			$this->session = array('id' => Str::random(40), 'data' => array());
 		}
 
-		if ( ! $this->has('csrf_token')) $this->put('csrf_token', Str::random(16));
+		// If a CSRF token is not present in the session, we will generate one. These tokens
+		// are generated per session to protect against Cross-Site Request Forgery attacks on
+		// the application. It is up to the developer to take advantage of them using the token
+		// methods on the Form class and the "csrf" route filter.
+		if ( ! $this->has('csrf_token'))
+		{
+			$this->put('csrf_token', Str::random(16));
+		}
+	}
 
-		$this->session['last_activity'] = time();
+	/**
+	 * Deteremine if the session is expired based on the last activity timestamp
+	 * and the session lifetime set in the configuration file.
+	 *
+	 * @return bool
+	 */
+	private function expired()
+	{
+		return (time() - $this->session['last_activity']) > ($this->config->get('session.lifetime') * 60);
 	}
 
 	/**
@@ -86,41 +104,28 @@ abstract class Driver {
 	 *
 	 * A default value may also be specified, and will be returned in the item doesn't exist.
 	 *
-	 * <code>
-	 *		// Get an item from the session
-	 *		$name = Session::get('name');
-	 *
-	 *		// Get an item from the session and return a default value if it doesn't exist
-	 *		$name = Session::get('name', 'Fred');
-	 * </code>
-	 *
 	 * @param  string  $key
 	 * @param  mixed   $default
 	 * @return mixed
 	 */
-	public function get($key, $default = null)
+	public final function get($key, $default = null)
 	{
 		foreach (array($key, ':old:'.$key, ':new:'.$key) as $possibility)
 		{
 			if (array_key_exists($possibility, $this->session['data'])) return $this->session['data'][$possibility];
 		}
 
-		return ($default instanceof \Closure) ? call_user_func($default) : $default;
+		return ($default instanceof Closure) ? call_user_func($default) : $default;
 	}
 
 	/**
 	 * Write an item to the session.
 	 *
-	 * <code>
-	 *		// Store an item in the session
-	 *		Session::put('name', 'Fred');
-	 * </code>
-	 *
 	 * @param  string  $key
 	 * @param  mixed   $value
 	 * @return Driver
 	 */
-	public function put($key, $value)
+	public final function put($key, $value)
 	{
 		$this->session['data'][$key] = $value;
 
@@ -133,29 +138,52 @@ abstract class Driver {
 	 * Flash data only exists for the next request. After that, it will be removed from
 	 * the session. Flash data is useful for temporary status or welcome messages.
 	 *
-	 * <code>
-	 *		// Store an item in the session flash data
-	 *		Session::flash('name', 'Fred');
-	 * </code>
-	 *
 	 * @param  string  $key
 	 * @param  mixed   $value
 	 * @return Driver
 	 */
-	public function flash($key, $value)
+	public final function flash($key, $value)
 	{
 		$this->put(':new:'.$key, $value);
 
 		return $this;
 	}
 
+	/**
+	 * Keep all of the session flash data from expiring at the end of the request.
+	 *
+	 * @return void
+	 */
+	public final function reflash()
+	{
+		$this->readdress(':old:', ':new:', array_keys($this->session['data']));
+	}
+
+	/**
+	 * Keep a session flash item from expiring at the end of the request.
+	 *
+	 * If a string is passed to the method, only that item will be kept. An array may also
+	 * be passed to the method, in which case all items in the array will be kept.
+	 *
+	 * @param  string|array  $key
+	 * @return void
+	 */
+	public final function keep($key)
+	{
+		if (is_array($key)) return array_map(array($this, 'keep'), $key);
+
+		$this->flash($key, $this->get($key));
+
+		$this->forget(':old:'.$key);
+	}
+
 	/**
 	 * Remove an item from the session.
 	 *
 	 * @param  string  $key
 	 * @return Driver
 	 */
-	public function forget($key)
+	public final function forget($key)
 	{
 		unset($this->session['data'][$key]);
 	}
@@ -165,7 +193,7 @@ abstract class Driver {
 	 *
 	 * @return void
 	 */
-	public function flush()
+	public final function flush()
 	{
 		$this->session['data'] = array();
 	}
@@ -175,7 +203,7 @@ abstract class Driver {
 	 *
 	 * @return void
 	 */
-	public function regenerate()
+	public final function regenerate()
 	{
 		$this->delete();
 
@@ -183,25 +211,28 @@ abstract class Driver {
 	}
 
 	/**
-	 * Close the session.
-	 *
-	 * The session will be stored in persistant storage and the session cookie will be
-	 * session cookie will be sent to the browser.
-	 *
-	 * The input of the current request will also be flashed to the session so it is
-	 * available for the next request via the "old" method on the input class.
+	 * Close the session and store the session payload in persistant storage.
 	 *
 	 * @param  Laravel\Input  $input
 	 * @return void
 	 */
 	public function close(Input $input)
 	{
+		// The input for the current request will be flashed to the session for
+		// convenient access through the "old" method of the input class. This
+		// allows the easy repopulation of forms.
 		$this->flash('laravel_old_input', $input->get())->age();
 
+		$this->session['last_activity'] = time();
+
 		$this->save();
 
-		$this->write_cookie($input->cookies, $this->config);
+		$this->cookie($input->cookies);
 
+		// Some session drivers implement the "Sweeper" interface, which specifies
+		// that the driver needs to manually clean up its expired sessions. If the
+		// driver does in fact implement this interface, we will randomly call the
+		// sweep method on the driver.
 		if ($this instanceof Sweeper and mt_rand(1, 100) <= 2)
 		{
 			$this->sweep(time() - ($this->config['lifetime'] * 60));
@@ -211,56 +242,56 @@ abstract class Driver {
 	/**
 	 * Age the session flash data.
 	 *
-	 * To age the data, we will forget all of the old keys and then rewrite the newly
-	 * flashed items to have old keys, which will be available for the next request.
-	 *
 	 * @return void
 	 */
-	protected function age()
+	private function age()
 	{
+		// To age the data, we will forget all of the old keys and then rewrite the newly
+		// flashed items to have old keys, which will be available for the next request.
 		foreach ($this->session['data'] as $key => $value)
 		{
 			if (strpos($key, ':old:') === 0) $this->forget($key);
 		}
 
-		$session = $this->session['data'];
+		$this->readdress(':new:', ':old:', array_keys($this->session['data']));
+	}
 
-		$this->session['data'] = array_combine(str_replace(':new:', ':old:', array_keys($session)), array_values($session));
+	/**
+	 * Readdress the session data by performing a string replacement on the keys.
+	 *
+	 * @param  string  $search
+	 * @param  string  $replace
+	 * @param  array   $keys
+	 * @return void
+	 */
+	private function readdress($search, $replace, $keys)
+	{
+		$this->session['data'] = array_combine(str_replace($search, $replace, $keys), array_values($this->session['data']));
 	}
 
 	/**
 	 * Write the session cookie.
 	 *
-	 * All of the session cookie configuration options are stored in the session
-	 * configuration file. The cookie will only be written if the headers have not
-	 * already been sent to the browser.
-	 *
 	 * @param  Laravel\Cookie  $cookie
 	 * @param  array           $config
 	 * @return void
 	 */
-	protected function write_cookie(Cookie $cookies, $config)
+	private function cookie(Cookie $cookies)
 	{
 		if ( ! headers_sent())
 		{
+			$config = $this->config->get('session');
+
 			extract($config);
 
 			$minutes = ($expire_on_close) ? 0 : $lifetime;
 
-			$cookies->put('laravel_session', $this->session['id'], $minutes, $path, $domain, $https, $http_only);
+			$cookies->put('laravel_session', $this->session['id'], $minutes, $path, $domain);
 		}
 	}
 
 	/**
 	 * Magic Method for retrieving items from the session.
-	 *
-	 * This method is particularly helpful in controllers where access to the IoC container
-	 * is provided through the controller's magic __get method.
-	 *
-	 * <code>
-	 *		// Retrieve an item from the session from a controller method
-	 *		$name = $this->session->name;
-	 * </code>
 	 */
 	public function __get($key)
 	{
@@ -269,14 +300,6 @@ abstract class Driver {
 
 	/**
 	 * Magic Method for writings items to the session.
-	 *
-	 * This method is particularly helpful in controllers where access to the IoC container
-	 * is provided through the controller's magic __get method.
-	 *
-	 * <code>
-	 *		// Set an item in the session from a controller method
-	 *		$this->session->name = 'Fred';
-	 * </code>
 	 */
 	public function __set($key, $value)
 	{

laravel/session/file.php → laravel/session/drivers/file.php

@@ -1,4 +1,4 @@
-<?php namespace Laravel\Session;
+<?php namespace Laravel\Session\Drivers;
 
 class File extends Driver implements Sweeper {
 

laravel/session/memcached.php → laravel/session/drivers/memcached.php

@@ -1,4 +1,4 @@
-<?php namespace Laravel\Session;
+<?php namespace Laravel\Session\Drivers;
 
 class Memcached extends Driver {
 
@@ -9,22 +9,14 @@ class Memcached extends Driver {
 	 */
 	private $memcached;
 
-	/**
-	 * The session lifetime.
-	 *
-	 * @var int
-	 */
-	private $lifetime;
-
 	/**
 	 * Create a new Memcached session driver instance.
 	 *
 	 * @param  Memcached  $memcached
 	 * @return void
 	 */
-	public function __construct(\Laravel\Cache\Memcached $memcached, $lifetime)
+	public function __construct(\Laravel\Cache\Drivers\Memcached $memcached)
 	{
-		$this->lifetime = $lifetime;
 		$this->memcached = $memcached;
 	}
 
@@ -46,7 +38,7 @@ class Memcached extends Driver {
 	 */
 	protected function save()
 	{
-		$this->memcached->put($this->session['id'], $this->session, $this->lifetime);
+		$this->memcached->put($this->session['id'], $this->session, $this->config->get('session.lifetime'));
 	}
 
 	/**

laravel/session/sweeper.php → laravel/session/drivers/sweeper.php

@@ -1,4 +1,4 @@
-<?php namespace Laravel\Session;
+<?php namespace Laravel\Session\Drivers;
 
 interface Sweeper {