Alternative to PHP's native session handler. It does not depend on PHP's session capability. It can be used with non-typical php based applications like with react/http.
- You don't have to depend on
session_functions which means you can write testable code. - You don't have to depend on
$_SESSIONsuperglobal allowing you to write more testable code. - You can even use this for non-typical php based applications like with react/http.
- You can create a framework agnostic library/module depending on psr-7 HTTP message interfaces and this session library.
$sessionOptions = [
'name' => 'session_id',
'sid_length' => 40,
'cookie' => [
'domain' => 'your-app.com',
]
];
$sessionHandler = new Ojhaujjwal\Session\Handler\FileHandler('path/to/session-data');
$sessionManager = new Ojhaujjwal\Session\SessionManager(
$sessionHandler,
$request,
$sessionOptions
);
$storage = $sessionManager->getStorage();
$sessionManager->start();
// you can manipulate $storage just like $_SESSION
$storage['some_key'] = 'some_value';
$someKey = $storage['some_key'];
$response = $sessionManager->close($response);
//return the response the the clientcomposer require ujjwal/psr7-http-session
Type: string Required: true
Name of the session which is used as cookie name. It should only contain alphanumeric characters.
Type: integer Default: 40
the length of session ID string. Session ID length can be between 22 to 256.
Type: array
Used to pass cookie options. See cookie options section.
Type: string
Default: derived from the Host header of request
domain to be set in the session cookie.
Type: string
Default: /
path to be set in the session cookie.
Type: boolean
Default: true
Marks the cookie as accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript.
Type: boolean Default: True if the original request is https
It indicates whether cookies should only be sent over secure connections.
Type: integer
Default: 0 for session cookie
It specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." Defaults to 0
Type: string
Default: Lax
Specifies SameSite cookie attribute. Very useful to mitigate CSRF by preventing the browser from sending this cookie along with cross-site requests.
Allowed values:
- empty string for not setting the attribute
ParagonIE\Cookie\Cookie::SAME_SITE_RESTRICTION_LAX(fairly strict)ParagonIE\Cookie\Cookie::SAME_SITE_RESTRICTION_STRICT(very strict)
$sessionManager = new Ojhaujjwal\Session\SessionManager(
$sessionHandler,
$request,
$sessionOptions
);$sessionManager->start();
$sessionManager->isStarted(); // returns true$sessionManager->getId(); //returns alphanumeric string$sessionManager->regenerate();
$sessionManager->regenerate(false); // does not destroy old session$response = $sessionManager->close($response);$storage = $sessionManager->getStorage();It implements IteratorAggregate, ArrayAccess, Countable
So, it will look very much like $_SESSION.
Just replace the $_SESSION occurrences in your app with instance of the object.
$storage->abcd = 'efgh';
//or
$storage['abcd'] = 'efgh';
//or
$storage->set('abcd', 'efgh');$abcd = $storage->abc;
//or
$abcd = $storage['abcd'];
//or
$abcd = $storage->get('abcd');unset($storage->abc);
//or
unset($storage['abcd']);
//or
$storage->remove('abcd');$storage->flush();It also comes with a http middleware which you can use to automatically initialize session and write cookie to response.
The middleware is compatible with http-interop/http-middleware based single pass approach or express-like double pass approach.
$middleware = new Ojhaujjwal\Session\SessionMiddleware($handler, $sessionOptions);
$middleware->process($request, $delegate);
// or
$middleware($request, $response, $next);
//using with zend-expressive
//after errorhandler and before the routing middleware
$app->pipe(\Ojhaujjwal\Session\SessionMiddleware::class);- Fix build in php7.2
- Garbage collection
- Cookie Based session handler
- Encryption Session Handler