Download the PHP package byjg/jwt-session without Composer

On this page you can find all versions of the php package byjg/jwt-session. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of byjg/jwt-session

Informations about the package jwt-session

JwtSession

Build Status Opensource ByJG GitHub source GitHub license GitHub release

JwtSession is a PHP session replacement. Instead of use FileSystem, just use JWT TOKEN. The implementation following the SessionHandlerInterface.

How to use:

Before the session_start() use the command:

Now, all your $_SESSION variable will be saved directly to a JWT Token!!

Secret key

Make sure that you are providing a base64url encoded key.

Motivation

The default PHP Session does not work in different servers using round robin or other algorithms. This occurs because PHP Session are saved by default in the file system.

There are implementations can save the session to REDIS or MEMCACHED, for example. But this requires to you create a new server to store this session and creates a single point of failure. To avoid this you have to create REDIS/MEMCACHED clusters.

But if you save the session into JWT Token you do not need to create a new server. Just to use.

You can read more in this Codementor's article: Using JSON Web Token (JWT) as a PHP Session

Security Information

The JWT Token cannot be changed, but it can be read. This implementation save the JWT into a client cookie.
Because of this do not store in the JWT Token sensible data like passwords.

Install

Setting the validity of JWT Token

Setting the different Session Contexts

Create the handler and replace the session handler

Specify cookie domain

Uses RSA Private/Public Keys

If you want to know more details about how to create RSA Public/Private Keys access: https://github.com/byjg/jwt-wrapper

How it works

We store a cookie named AUTH_BEARER_ followed by the context name with the session name. The PHPSESSID cookie is still created because PHP create it by default but we do not use it;

Dependencies

Open source ByJG

All versions of jwt-session with dependencies

PHP Build Version
Package Version
Requires php Version >=8.0
byjg/jwt-wrapper Version 4.9.*
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package byjg/jwt-session contains the following files

Loading the files please wait ....