Minz allow parallel sessions (#3096)

* Minz allow parallel sessions

#fix https://github.com/FreshRSS/FreshRSS/issues/3093

* Array optimisation

* Array optimisation missing

* Reduce direct access to $_SESSION except in install process

* Fix session start headers warning

* Use cookie only the first time the session is started:
`PHP Warning:  session_start(): Cannot start session when headers
already sent in /var/www/FreshRSS/lib/Minz/Session.php on line 39`

* New concept of volatile session for API calls

Optimisation: do not use cookies or local storage at all for API calls
without a Web session
Fix warning:

```
PHP Warning:  session_destroy(): Trying to destroy uninitialized session
in Unknown on line 0
```

* Only call Minz_Session::init once in our index

It was called twice (once indirectly via FreshRSS->init())

* Whitespace

* Mutex for notifications

Implement mutex for notifications
https://github.com/FreshRSS/FreshRSS/pull/3208#discussion_r499509809

* Typo

* Install script is not ready for using Minz_Session

1 files changed, 58 insertions, 2 deletions

diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php
index 97b15c4d0..cb0e5336e 100644
--- a/lib/Minz/Session.php
+++ b/lib/Minz/Session.php
@@ -4,18 +4,51 @@
  * La classe Session gère la session utilisateur
  */
 class Minz_Session {
+	private static $volatile = false;
+
+	/**
+	 * For mutual exclusion.
+	 */
+	private static $locked = false;
+
+	public static function lock() {
+		if (!self::$volatile && !self::$locked && session_start()) {
+			self::$locked = true;
+		}
+		return self::$locked;
+	}
+
+	public static function unlock() {
+		if (!self::$volatile && session_write_close()) {
+			self::$locked = false;
+		}
+		return self::$locked;
+	}
+
 	/**
 	 * Initialise la session, avec un nom
 	 * Le nom de session est utilisé comme nom pour les cookies et les URLs(i.e. PHPSESSID).
 	 * Il ne doit contenir que des caractères alphanumériques ; il doit être court et descriptif
+	 * If the volatile parameter is true, then no cookie and not session storage are used.
+	 * Volatile is especially useful for API calls without cookie / Web session.
 	 */
-	public static function init($name) {
+	public static function init($name, $volatile = false) {
+		self::$volatile = $volatile;
+		if (self::$volatile) {
+			$_SESSION = [];
+			return;
+		}
+
 		$cookie = session_get_cookie_params();
 		self::keepCookie($cookie['lifetime']);
 
 		// démarre la session
 		session_name($name);
+		//When using cookies (default value), session_stars() sends HTTP headers
 		session_start();
+		session_write_close();
+		//Use cookie only the first time the session is started to avoid resending HTTP headers
+		ini_set('session.use_cookies', '0');
 	}
 
 
@@ -35,13 +68,34 @@ class Minz_Session {
 	 * @param $v la valeur à attribuer, false pour supprimer
 	 */
 	public static function _param($p, $v = false) {
+		if (!self::$volatile && !self::$locked) {
+			session_start();
+		}
 		if ($v === false) {
 			unset($_SESSION[$p]);
 		} else {
 			$_SESSION[$p] = $v;
 		}
+		if (!self::$volatile && !self::$locked) {
+			session_write_close();
+		}
 	}
 
+	public static function _params($keyValues) {
+		if (!self::$volatile && !self::$locked) {
+			session_start();
+		}
+		foreach ($keyValues as $k => $v) {
+			if ($v === false) {
+				unset($_SESSION[$k]);
+			} else {
+				$_SESSION[$k] = $v;
+			}
+		}
+		if (!self::$volatile && !self::$locked) {
+			session_write_close();
+		}
+	}
 
 	/**
 	 * Permet d'effacer une session
@@ -50,7 +104,9 @@ class Minz_Session {
 	public static function unset_session($force = false) {
 		$language = self::param('language');
 
-		session_destroy();
+		if (!self::$volatile) {
+			session_destroy();
+		}
 		$_SESSION = array();
 
 		if (!$force) {