sion cookie invalid for: ' . $this->session_key );
			$this->destroy();
			$this->is_active = false;
		}

		// Update session if it's close to expiring.
		if ( time() > $this->session_expiring ) {
			$this->session_expiry   = $this->get_session_expiry( true );
			$this->session_expiring = $this->get_session_expiring( true );
			$this->set_session_cookie();
			$this->dirty = true;
			$this->save();
			edd_debug_log( sprintf( 'Session expiration for %1$s was updated to: %2$s', $this->session_key, $this->session_expiry ) );
		}
	}

	/**
	 * Saves the session data to the database and updates the cache.
	 *
	 * @param string $old_session_key The old session key.
	 * @return void
	 */
	public function save( $old_session_key = '' ) {
		if ( ! $this->dirty ) {
			return;
		}

		if ( ! $this->is_request_valid_for_session() ) {
			return;
		}

		if ( ! $this->has_session() ) {
			return;
		}

		// If there is no session key, return.
		if ( empty( $this->get_session_key() ) ) {
			return;
		}

		// Save the session.
		$this->manager->save( $this->session_key, $this->data, $this->get_session_expiry() );

		$this->dirty = false;

		// Delete the old session if it's a guest.
		if ( $old_session_key && $this->should_delete( $old_session_key ) ) {
			$this->manager->delete( $old_session_key );
		}
	}

	/**
	 * Forget all session data without destroying it.
	 *
	 * @since 3.3.0
	 */
	public function forget() {
		\EDD\Utils\Cookies::set( $this->get_cookie_name() );
		$this->set_cart_cookie( false );

		edd_empty_cart();

		$this->data        = array();
		$this->dirty       = false;
		$this->session_key = $this->get_session_key( true );
	}

	/**
	 * Destroys the session.
	 *
	 * @since 3.3.0
	 */
	public function destroy() {
		$this->manager->delete( $this->get_session_key() );
		$this->forget();
	}

	/**
	 * Resets the purchase session when an item is added to the cart.
	 * This ensures that the checkout is processed with fresh form data.
	 *
	 * @since 3.3.5
	 */
	public function reset() {
		$this->set( 'edd_purchase', null );
	}

	/**
	 * Get session data.
	 *
	 * @return array
	 */
	private function get_session_data() {
		return $this->manager->get_session_data( $this->get_session_key() );
	}

	/**
	 * Get/set the session expiration.
	 *
	 * @since 3.3.0
	 * @param bool $force Whether to force the expiration time to be set.
	 * @return int
	 */
	private function get_session_expiry( $force = false ) {
		if ( ! $this->session_expiry || $force ) {
			$session = $this->manager->get_session( $this->get_session_key() );
			if ( ! empty( $session->expiry ) ) {
				$this->session_expiry = $session->expiry;
			} else {
				$this->session_expiry = time() + intval( $this->set_expiration_time() );
			}
		}

		return $this->session_expiry;
	}

	/**
	 * Get/set the session expiring (one hour before expiration).
	 *
	 * @since 3.3.0
	 * @param bool $force Whether to force the expiration time to be set.
	 * @return int
	 */
	private function get_session_expiring( $force = false ) {
		if ( ! $this->session_expiring || $force ) {
			$this->session_expiring = $this->get_session_expiry() - HOUR_IN_SECONDS;
		}

		return $this->session_expiring;
	}

	/**
	 * Generate a unique session ID for guests, or return user ID if logged in.
	 * Uses Portable PHP password hashing framework to generate a unique cryptographically strong ID.
	 * Legacy method (name).
	 *
	 * @since 3.3.0
	 * @return string
	 */
	private function get_session_key( $reset = false ) {
		if ( ! is_null( $this->session_key ) && ! $reset ) {
			return $this->session_key;
		}

		if ( is_user_logged_in() ) {
			$session_key = $this->get_logged_in_user_key();
		}

		if ( ! empty( $session_key ) ) {
			$this->session_key = $session_key;
		} else {

			require_once ABSPATH . 'wp-includes/class-phpass.php';
			$hasher = new \PasswordHash( 8, false );

			$this->session_key = $this->guest_prefix . substr( wp_hash( $hasher->get_random_bytes( 32 ) ), 2 );
		}

		return $this->session_key;
	}

	/**
	 * Gets the logged in user key.
	 *
	 * @since 3.3.0
	 * @return string
	 */
	private function get_logged_in_user_key() {
		return $this->manager->get_logged_in_user_key();
	}

	/**
	 * Checks if the current session should be deleted.
	 *
	 * @param string $key The session key.
	 * @return bool
	 */
	private function should_delete( $key ) {
		$current_user_id = $this->get_logged_in_user_key();

		return $current_user_id !== $key && ! ( get_user_by( 'id', $key ) instanceof \WP_User );
	}

	/**
	 * Sanitizes sensitive data from the session array.
	 *
	 * @param mixed $data The data to sanitize.
	 * @return mixed
	 */
	private function sanitize( $data ) {
		if ( ! is_array( $data ) ) {
			return esc_attr( $data );
		}
		$disallowed_keys = array(
			'post_data',
			'card_info',
		);
		foreach ( $disallowed_keys as $key ) {
			if ( isset( $data[ $key ] ) ) {
				unset( $data[ $key ] );
			}
		}

		return $data;
	}

	/**
	 * Checks whether the type of request is valid for starting a session.
	 *
	 * @since 3.3.0
	 * @return bool
	 */
	private function is_request_valid_for_session() {
		return \EDD\Utils\Request::is_request( array( 'frontend', 'rest' ) );
	}
}