Download the PHP package icanboogie/session without Composer
On this page you can find all versions of the php package icanboogie/session. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download icanboogie/session
More information about icanboogie/session
Files in icanboogie/session
Package session
Short Description Manage sessions
License BSD-3-Clause
Homepage https://icanboogie.org/
Informations about the package session
Session
The icanboogie/session package provides an interface to easily manage PHP sessions. You create a
session instance with the desired options and the session is automatically started when reading or
writing. The session instance is used as an array, just like $_SESSION
. You can provide session
segments to your components so that they have a safe place to store their own session values. Flash
values can be used in the session and its segments. Finally, you can use the session token with
unsafe HTTP methods to prevent CSRF.
It is important to keep in mind that the session instance it basically mapping the $_SESSION
array
and session_*
functions, thus you don't need to change anything in your application setup. You may
use Redis to store sessions and some fancy session handler, it makes no difference.
The following code demonstrates some usages of the session instance:
Installation
Getting started
A Session instance is a representation of a PHP session. It is created with parameters mapped to
session_*
functions. Options can be defined to customize you session, their default values are
inherited from the PHP config.
The following code demonstrates how a session using default values can be instantiated:
Note: Nothing prevents you from using multiple Session instances but it is not recommended.
The following code demonstrates how options can be used to customize the session instance. Only a few options are demonstrated here, more are available.
If you are defining these options in a config file, you might want to use the light weight
SessionOptions
interface:
Session segments
Session segments provide a safe place for components to store their values without conflicts. That is, two components may safely use a same key because their value is stored in different session segments. Segments act as namespaces for session values. It is then important to choose a safe namespace, a class name is often the safest option.
Session and session segments instances all implement the SessionSegment interface. Components requiring session storage should use that interface rather than the Session class.
Note: Obtaining a segment does not start a session, only read/write may automatically start a session. So don't hesitate to obtain session segments.
The following example demonstrates how a session segment might be injected into a controller:
Flash values
Flash values are session values that are forgotten after they are read, although they can be read multiple time during the run time of a PHP script. They can be set in the session or in its segments.
The following example demonstrates how flash values work with the session and segments:
The $_SESSION
array would look like this:
After a flash values is read, it disappears from the session/segment, although it can be read multiple time during the run time of a PHP script:
Defeating Cross-Site Request Forgery
The Session instance provides a session token that may be used to protect your application
against Cross-Site Request Forgery. Your application should verify that token before processing
unsafe request, which use HTTP methods POST
, PUT
, and DELETE
.
Note: You can trust that the session has always a token. If none exists when a token is requested a new one is created.
The following example demonstrates how to use the session token with a POST
form:
When processing an unsafe request, make sure the session token is valid:
Continuous Integration
The project is continuously tested by GitHub actions.
Code of Conduct
This project adheres to a Contributor Code of Conduct. By participating in this project and its community, you're expected to uphold this code.
Contributing
See CONTRIBUTING for details.