[Solar-svn] Revision 2655
pmjones at solarphp.com
Mon Jul 30 10:37:48 CDT 2007
Solar_Session: [ADD] Support for P3P header, to help with IE6 privacy controls. Thanks, Clay Loveless, for providing this patch.
Modified: trunk/Solar/Session.php
===================================================================
--- trunk/Solar/Session.php 2007-07-30 15:24:20 UTC (rev 2654)
+++ trunk/Solar/Session.php 2007-07-30 15:37:48 UTC (rev 2655)
@@ -51,11 +51,125 @@
* : Store values in this top-level key in $_SESSION. Default is
* 'Solar'.
*
+ * `P3P`
+ * : Compact [Platform for Privacy Preferences][] policy. Default is
+ * 'CP="CAO COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT STA"',
+ * which translates to:
+ *
+ * *CAO* _ACCESS Element_: the ability of the individual to view
+ * identified data and address questions or concerns to the service
+ * provider. CAO is short for 'contact-and-other', meaning _Identified
+ * Contact Information and Other Identified Data: access is given to
+ * identified online and physical contact information as well as to
+ * certain other identified data._
+ *
+ * *COR* _REMEDIES Element_: Remedies in case a policy breach occurs.
+ * COR is short for 'correct', meaning _Errors or wrongful actions
+ * arising in connection with the privacy policy will be remedied by
+ * the service._
+ *
+ * *CURa*
+ * *ADMa*
+ * *DEVa*
+ * *TAIa* _PURPOSE Elements_: Purposes for data processing relevant to
+ * the Web. The 'a' following each code indicates 'always', meaning
+ * the site provides no opt-in/opt-out choices for the information
+ * collected in the _CATEGORIES_ Elements.
+ *
+ * CUR is short for 'current', meaning _Completion and Support of
+ * Activity For Which Data Was Provided: Information may be used by the
+ * service provider to complete the activity for which it was provided,
+ * whether a one-time activity such as returning the results from a Web
+ * search, forwarding an email message, or placing an order; or a
+ * recurring activity such as providing a subscription service, or
+ * allowing access to an online address book or electronic wallet._
+ *
+ * ADM is short for 'admin', meaning _Web Site and System
+ * Administration: Information may be used for the technical support of
+ * the Web site and its computer system. This would include processing
+ * computer account information, information used in the course of
+ * securing and maintaining the site, and verification of Web site
+ * activity by the site or its agents._
+ *
+ * DEV is short for 'develop', meaning _Research and Development:
+ * Information may be used to enhance, evaluate, or otherwise review
+ * the site, service, product, or market. This does not include personal
+ * information used to tailor or modify the content to the specific
+ * individual nor information used to evaluate, target, profile or
+ * contact the individual._
+ *
+ * TAI is short for 'tailoring', meaning _One-time Tailoring:
+ * Information may be used to tailor or modify content or design of the
+ * site where the information is used only for a single visit to the
+ * site and not used for any kind of future customization. For example,
+ * an online store might suggest other items a visitor may wish to
+ * purchase based on the items he has already placed in his shopping
+ * basket._
+ *
+ * *OUR* _RECIPIENT Element_: The legal entity, or domain, beyond the
+ * service provider and its agents where data may be distributed.
+ * OUR is short for 'ourselves', meaning _Ourselves and/or entities
+ * acting as our agents or entities for whom we are acting as an agent:
+ * An agent in this instance is defined as a third party that processes
+ * data only on behalf of the service provider for the completion of the
+ * stated purposes. (e.g., the service provider and its printing bureau
+ * which prints address labels and does nothing further with the
+ * information.)_
+ *
+ * *BUS*
+ * *IND* _RETENTION Elements_: The type of retention policy in effect.
+ * BUS is short for 'business-practices', meaning _Determined by
+ * service provider's business practice: Information is retained under
+ * a service provider's stated business practices._
+ *
+ * IND is short for 'indefinitely', meaning _Information is retained
+ * for an indeterminate period of time._
+ *
+ * *UNI*
+ * *COM*
+ * *NAV*
+ * *INT*
+ * *STA* _CATEGORIES Elements_: Elements inside data elements that
+ * provide hints to users and user agents as to the intended uses of
+ * the data.
+ *
+ * UNI is short for 'uniqeid', meaning _Unique Identifiers:
+ * Non-financial identifiers, excluding government-issued identifiers,
+ * issued for purposes of consistently identifying or recognizing the
+ * individual. These include identifiers issued by a Web site or
+ * service._
+ *
+ * COM is short for 'computer', meaning _Computer Information:
+ * Information about the computer system that the individual is using
+ * to access the network -- such as the IP number, domain name, browser
+ * type or operating system._
+ *
+ * NAV is short for 'navigation', meaning _Navigation and Click-stream
+ * Data: Data passively generated by browsing the Web site -- such as
+ * which pages are visited, and how long users stay on each page._
+ *
+ * INT is short for 'interactive', meaning _Interactive Data: Data
+ * actively generated from or reflecting explicit interactions with a
+ * service provider through its site -- such as queries to a search
+ * engine, or logs of account activity._
+ *
+ * STA is short for 'state', meaning _State Management Mechanisms:
+ * Mechanisms for maintaining a stateful session with a user or
+ * automatically recognizing users who have visited a particular site
+ * or accessed particular content previously -- such as HTTP cookies._
+ *
+ * Please refer to the W3C P3P specification for more information
+ * on customizing this default policy. A compact policy delivered
+ * in an HTTP header is only part of a complete P3P implementation.
+ *
+ * [Platform for Privacy Preferences]: http://www.w3.org/TR/P3P/
+ *
* @var array
*
*/
protected $_Solar_Session = array(
'class' => 'Solar',
+ 'P3P' => 'CP="CAO COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT STA"',
);
/**
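Review bot: The new 'P3P' default in $_Solar_Session makes every application that uses Solar_Session send a specific privacy declaration unless it overrides the key, whether or not the site actually follows it. The docblock itself spells out that the string claims no opt-in/opt-out choices (the 'a' suffix) and indefinite retention (IND), and notes that a compact policy in a header is only part of a complete P3P implementation. Consider shipping an empty default and keeping this string in the docblock as an example to opt into, so a site only asserts a policy it has reviewed. Minor: the UNI description reads 'uniqeid', which looks like a typo for 'uniqueid'.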
@@ -93,6 +207,12 @@
*
* Constructor.
*
+ * Starts the session if one does not exist, but only if we're not at the
+ * command line.
+ *
+ * Automatically sends a P3P header if one is defined (and it is, by
+ * default).
+ *
* @param array $config User-defined configuration values.
*
*/
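Review bot: The added constructor docblock says the header is sent "if one is defined (and it is, by default)" but does not say how to turn it off. Since the constructor tests `$this->_config['P3P']` for truthiness, the docblock should state that setting the 'P3P' config key to an empty value suppresses the header.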
@@ -103,6 +223,9 @@
// start a session if one does not exist, but not if we're at
// the command line.
if (session_id() === '' && PHP_SAPI != 'cli') {
+ if ($this->_config['P3P']) {
+ header('P3P: ' . $this->_config['P3P']);
+ }
session_start();
}
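Review bot: The header() call sits inside the `session_id() === '' && PHP_SAPI != 'cli'` branch, so the P3P header is only emitted when this constructor is the one that starts the session; if the session was already started elsewhere in the request, the response goes out without the policy. If the intent is for the policy to accompany the session cookie whenever Solar_Session is in use, move the P3P check out of the session_id() test (keeping the CLI guard). It would also be worth guarding the call with headers_sent(), so that a late instantiation after output has begun does not raise a warning from header().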