Using the Session class, you can start and resume sessions in a way that is compatible with PHP’s built-in session_start() function, while having access to the improved cookie handling from this library as well:
use Solital\Core\Resource\Session;
// start session and have session cookie with 'lax' same-site restriction
Session::start();
// or
Session::start('Lax');
// start session and have session cookie with 'strict' same-site restriction
Session::start('Strict');
// start session and have session cookie without any same-site restriction
Session::start(null);
// or
Session::start('None'); // Chrome 80+
All three calls respect the settings from PHP’s session_set_cookie_params(...) function and the configuration options session.name, session.cookie_lifetime, session.cookie_path, session.cookie_domain, session.cookie_secure, session.cookie_httponly and session.use_cookies.
Likewise, replacements for
session_regenerate_id();
// and
session_regenerate_id(true);
are available via
Session::regenerate();
// and
Session::regenerate(true);
if you want protection against session fixation attacks that comes with improved cookie handling.
Additionally, access to the current internal session ID is provided via
Session::id();
as a replacement for
session_id();
$value = Session::get($key);
# With helper
$value = session($key);
// or
$value = Session::get($key, $defaultValue);
# With helper
$value = session($key, defaultValue: 'default_value');
Session::set($key, $value);
# With helper
session($key, $value);
if (Session::has($key)) {
// ...
}
Session::delete($key);
# With helper
session($key, delete: true);
$value = Session::take($key);
$value = Session::take($key, $defaultValue);
# With helper
$value = session($key, take: true);
This is often useful for flash messages, e.g. in combination with the has(...) method.
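The calls above combined into a login flow that rotates the session ID whenever privileges change, which is where Session::regenerate(true) stops session fixation. This is an added example, not code from the Solital documentation; verifyCredentials(), the demo account, the form field names and the session keys user_id and flash are assumptions.

```php
<?php
// Added example, not Solital's own code. Assumes Composer autoloading.
require __DIR__ . '/vendor/autoload.php';

use Solital\Core\Resource\Session;

/** Hypothetical credential check; returns the user id or null. */
function verifyCredentials(string $name, string $password): ?int
{
    // Constructed demo account. A real application loads the stored hash from its user store.
    $accounts = ['alice' => ['id' => 1, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
    $account = $accounts[$name] ?? null;

    return ($account !== null && password_verify($password, $account['hash'])) ? $account['id'] : null;
}

function login(string $name, string $password): bool
{
    $userId = verifyCredentials($name, $password);
    if ($userId === null) {
        Session::set('flash', 'Invalid credentials.');
        return false;
    }

    // Privilege change: issue a fresh ID and delete the old session, as
    // session_regenerate_id(true) does, so an ID planted before login
    // (session fixation) never becomes an authenticated one.
    Session::regenerate(true);
    Session::set('user_id', $userId);
    Session::set('flash', 'Signed in.');
    return true;
}

function logout(): void
{
    Session::delete('user_id');
    Session::regenerate(true); // the pre-logout ID must not stay valid
}

// Must run before any output is sent, like session_start().
Session::start('Strict');

// filter_input() yields null/false for missing or array input; both cast to ''.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    login((string) filter_input(INPUT_POST, 'name'), (string) filter_input(INPUT_POST, 'password'));
}

// take() reads and removes the value, so the message is shown exactly once.
echo htmlspecialchars((string) Session::take('flash', ''), ENT_QUOTES, 'UTF-8'), PHP_EOL;
echo Session::has('user_id') ? 'user #' . (int) Session::get('user_id') : 'anonymous', PHP_EOL;
```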
You can change some default session options using the session.yaml file.
# Set the current session name
name:
# Sets user-level session storage (files, sqlite, memcached, encrypt, pdo, apcu, dump)
save_handler: files
# Set the current session save path for memcached and redis
save_path: localhost:11211
# Specifies whether the module will use strict session id mode
strict_mode: false
# Set the current cache limiter
cache_limiter: public
# Set current cache expire
cache_expire: 30
# Specifies the number of seconds after which data will be seen as 'garbage'
# and potentially cleaned up. Default is 1440
gc_max_lifetime: 1440
# setGcProbability() in conjunction with session.gc_divisor is used to manage
# probability that the gc (garbage collection) routine is started. Defaults to 1
gc_probability: 1
# session.gc_divisor coupled with session.gc_probability defines the probability
# that the gc (garbage collection) process is started on every session initialization.
gc_divisor: 100
You can change the default session handler using the save_handler option. The available handlers are:
files: default handler
sqlite: saves the session using SQLite
memcached: saves the session on the Memcached server. You can change the default path using the save_path option
encrypt: same as the files option, but saves the session in encrypted form
pdo: saves the session in the database using the .env file
apcu: saves the session using APCu
dump: dumps the session