MDL-66151 Performance: Session Manager modularisation

Storage of session metadata has moved into the session handler class. This allows for other classes to fully control session handling and removes the dependancy on the core sessions database table. Previously, the standard method of interaction with the session metadata was direct DB calls; this may break other plugins as there are now proper APIs available through the session manager. Co-authored-by: Darren Cocco <moodle@darren.cocco.id.au> Co-authored-by: Trisha Milan <trishamilan@catalyst-au.net> Co-authored-by: Andrew Nicols <andrew@nicols.co.uk>
2025-08-08 18:36:42 +02:00 · 2022-08-04 11:11:07 +10:00 · 2022-08-04 11:11:07 +10:00 · e52fbd2f84
commit e52fbd2f84
parent 072fb90384
30 changed files with 1408 additions and 700 deletions
--- a/user/classes/privacy/provider.php
+++ b/user/classes/privacy/provider.php
@ -294,7 +294,10 @@ class provider implements
        // Delete user course requests.
        $DB->delete_records('course_request', ['requester' => $userid]);
        // Delete sessions.
-        $DB->delete_records('sessions', ['userid' => $userid]);
+        $sessions = \core\session\manager::get_sessions_by_userid($userid);
+        foreach ($sessions as $session) {
+            \core\session\manager::destroy($session->sid);
+        }
        // Do I delete user preferences? Seems like the right place to do it.
        $DB->delete_records('user_preferences', ['userid' => $userid]);

@ -528,7 +531,7 @@ class provider implements
    protected static function export_user_session_data(int $userid, \context $context) {
        global $DB, $SESSION;

-        $records = $DB->get_records('sessions', ['userid' => $userid]);
+        $records = \core\session\manager::get_sessions_by_userid($userid);
        if (!empty($records)) {
            $sessiondata = (object) array_map(function($record) {
                return [
--- a/user/editadvanced.php
+++ b/user/editadvanced.php
@ -233,7 +233,7 @@ if ($userform->is_cancelled()) {
                if (!empty($CFG->passwordchangelogout)) {
                    // We can use SID of other user safely here because they are unique,
                    // the problem here is we do not want to logout admin here when changing own password.
-                    \core\session\manager::kill_user_sessions($usernew->id, session_id());
+                    \core\session\manager::destroy_user_sessions($usernew->id, session_id());
                }
                if (!empty($usernew->signoutofotherservices)) {
                    webservice::delete_user_ws_tokens($usernew->id);
@ -243,7 +243,7 @@ if ($userform->is_cancelled()) {

        // Force logout if user just suspended.
        if (isset($usernew->suspended) and $usernew->suspended and !$user->suspended) {
-            \core\session\manager::kill_user_sessions($user->id);
+            \core\session\manager::destroy_user_sessions($user->id);
        }
    }

--- a/user/externallib.php
+++ b/user/externallib.php
@ -659,7 +659,7 @@ class core_user_external extends \core_external\external_api {
                    useredit_update_user_preference($userpref);
                }
                if (isset($user['suspended']) and $user['suspended']) {
-                    \core\session\manager::kill_user_sessions($user['id']);
+                    \core\session\manager::destroy_user_sessions($user['id']);
                }

                $transaction->allow_commit();
--- a/user/tests/privacy/provider_test.php
+++ b/user/tests/privacy/provider_test.php
@ -13,33 +13,30 @@
 //
 // You should have received a copy of the GNU General Public License
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
-/**
- * Privacy tests for core_user.
- *
- * @package    core_user
- * @category   test
- * @copyright  2018 Adrian Greeve <adrian@moodle.com>
- * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
- */
+
 namespace core_user\privacy;

-defined('MOODLE_INTERNAL') || die();
-global $CFG;
-
-use \core_privacy\tests\provider_testcase;
-use \core_user\privacy\provider;
-use \core_privacy\local\request\approved_userlist;
-use \core_privacy\local\request\transform;
-
-require_once($CFG->dirroot . "/user/lib.php");
+use core\tests\session\mock_handler;
+use core_privacy\tests\provider_testcase;
+use core_privacy\local\request\approved_userlist;
+use core_privacy\local\request\transform;
+use core_user\privacy\provider;

 /**
 * Unit tests for core_user.
 *
+ * @package core_user
 * @copyright  2018 Adrian Greeve <adrian@moodle.com>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ * @covers \core_user\privacy\provider
 */
-class provider_test extends provider_testcase {
+final class provider_test extends provider_testcase {
+    public static function setUpBeforeClass(): void {
+        global $CFG;
+        parent::setUpBeforeClass();
+
+        require_once($CFG->dirroot . "/user/lib.php");
+    }

    /**
     * Check that context information is returned correctly.
@ -475,7 +472,8 @@ class provider_test extends provider_testcase {
            'firstip' => '0.0.0.0',
            'lastip' => '0.0.0.0'
        ];
-        $DB->insert_record('sessions', $usersessions);
+        $mockhandler = new mock_handler();
+        $mockhandler->add_test_session($usersessions);
    }

    /**