Download the PHP package byjg/jwt-session without Composer
On this page you can find all versions of the php package byjg/jwt-session. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package jwt-session
Short Description JwtSession is a PHP session replacement. Instead of using the file system, it stores the session in a JWT token. The implementation follows the SessionHandlerInterface.
License MIT
Information about the package jwt-session
JwtSession
JwtSession is a PHP session replacement. Instead of using the file system, it stores the session in a JWT token. The implementation follows the SessionHandlerInterface.
How to use:
Before calling session_start(), use the command:
Now all your $_SESSION variables will be saved directly to a JWT token!
Secret key
Make sure that you are providing a base64url encoded key.
Motivation
The default PHP session does not work across different servers using round robin or other algorithms. This occurs because PHP sessions are saved by default in the file system.
There are implementations that can save the session to Redis or Memcached, for example. But this requires you to create a new server to store the session, and that creates a single point of failure. To avoid this you have to create Redis/Memcached clusters.
But if you save the session into a JWT token, you do not need to create a new server. You just use it.
You can read more in this Codementor article: Using JSON Web Token (JWT) as a PHP Session
Security Information
The JWT token cannot be changed, but it can be read.
This implementation saves the JWT into a client cookie.
Because of this, do not store sensitive data such as passwords in the JWT token.
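The two properties above, shown with a hand-built HS256 token. This is an added example, not code from byjg/jwt-session; the function names, the key and the session values are constructed for illustration, and HS256 with a shared secret is an assumption.

```php
<?php
// Added illustration: a hand-built HS256 JWT, not byjg/jwt-session's own code.

function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string
{
    $padded = $txt . str_repeat('=', (4 - strlen($txt) % 4) % 4);
    // Strict mode returns false on invalid input; treat that as an empty string.
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

function jwt_sign(array $claims, string $key): string
{
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $key, true));
}

// Returns the claims when the signature checks out, null otherwise.
function jwt_verify(string $token, string $key): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm instead of trusting whatever the header claims.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    $expected = hash_hmac('sha256', "$head.$body", $key, true);
    // Constant-time comparison of the recomputed and presented signatures.
    if (!hash_equals($expected, b64url_decode($sig))) return null;
    $claims = json_decode(b64url_decode($body), true);
    return is_array($claims) ? $claims : null;
}

$key    = random_bytes(32);                                        // constructed server-side secret
$cookie = jwt_sign(['user' => 'alice', 'role' => 'member'], $key); // constructed session data

// 1. Readable: the payload decodes without any knowledge of the key.
[$head, $body, $sig] = explode('.', $cookie);
echo "payload visible to the client: ", b64url_decode($body), PHP_EOL;
// 2. Not changeable: an edited payload under the old signature fails verification.
$edited = b64url_encode(json_encode(['user' => 'alice', 'role' => 'admin']));
echo "original accepted: ", var_export(jwt_verify($cookie, $key) !== null, true), PHP_EOL;
echo "edited accepted:   ", var_export(jwt_verify("$head.$edited.$sig", $key) !== null, true), PHP_EOL;
```

Anything placed in $_SESSION ends up in the same position as the `user` and `role` claims here: integrity-protected by the signature, but visible to whoever holds the cookie.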
Install
Setting the validity of JWT Token
Setting the different Session Contexts
Create the handler and replace the session handler
Specify cookie domain
Uses RSA Private/Public Keys
For more details on how to create RSA public/private keys, see: https://github.com/byjg/jwt-wrapper
How it works
We store a cookie named AUTH_BEARER_ followed by the context name with the session name. The PHPSESSID cookie is still created because PHP creates it by default, but we do not use it.