Download the PHP package joefallon/phpsession without Composer
On this page you can find all versions of the php package joefallon/phpsession. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download joefallon/phpsession
More information about joefallon/phpsession
Files in joefallon/phpsession
Package phpsession
Short Description A simple age and activity based session library.
License MIT
Homepage https://github.com/joefallon/phpsession
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package phpsession
phpsession — Simple, predictable PHP session helper
phpsession is a small, well-tested PHP library that wraps the PHP session API and provides two common session-expiration strategies:
- max age (time since the session was created)
- last-activity timeout (time since the session was last accessed)
It is intentionally tiny, dependency-free, and designed for safe use in web applications where predictable session-expiration and non-blocking session access are important.
Why use phpsession?
- Small and focused: one class that does one job well.
- Non-blocking-friendly: the implementation opens the session only for the duration of an operation and closes it immediately afterwards, which reduces the chance of session-lock contention in concurrent requests (for example, AJAX-heavy frontends).
- Well tested: comes with unit tests that exercise the public API and edge cases.
- Composer-friendly and PSR-4 compatible.
Requirements
- PHP 7.4 or later
Installation
Install with Composer (recommended):
or add this to your composer.json and run composer install:
Quick start
The class is namespaced under JoeFallon\PhpSession. Typical usage:
Constructor and configuration
The constructor accepts two optional integer parameters (seconds):
__construct(int $maxAgeInSecs = Session::HOUR, int $lastActivityInSecs = Session::HOUR)$maxAgeInSecs— maximum age of the session since creation. Set to0to disable.$lastActivityInSecs— timeout measured from the last read/write/unset. Set to0to disable.
Note: The constructor validates inputs and throws InvalidArgumentException if
values are negative or if maxAgeInSecs is less than lastActivityInSecs.
This is deliberate: the maximum age must be at least as long as the activity
window.
Public API (methods)
-
public function read(string $key)- Return the stored value for
$keyornullif not present or if an empty key is passed. Reading updates the last-activity timestamp.
- Return the stored value for
-
public function write(string $key, string $val): void- Stores
$valunder$key. ThrowsInvalidArgumentExceptionif$keyis empty. Writing updates the last-activity timestamp.
- Stores
-
public function unsetSessionValue(string $key): void- Removes a session key (if present) and updates the last-activity timestamp.
-
public function isMaxAgeTimeoutExpired(): bool- Returns
truewhen the time since session creation is greater than or equal to the configured max age. On first call this method initializes the creation timestamp and will returnfalse.
- Returns
-
public function isLastActivityTimeoutExpired(): bool- Returns
truewhen the time since the last activity is greater than or equal to the configured activity timeout. On first call this method initializes the last-activity timestamp and will returnfalse.
- Returns
public function destroy(): void- Clears session data, removes the session cookie (if cookies are used), regenerates the session id to remove old data, and destroys the session.
Constants
Session::HOUR— 3600Session::DAY— 86400Session::WEEK— 604800
Detailed examples
1) Short-lived session that expires after 30 seconds of inactivity:
2) Max-age-only session (ignore activity):
3) Checking and rotating sessions safely
If you use isMaxAgeTimeoutExpired() or isLastActivityTimeoutExpired() in
request logic, prefer to let the session management decide when to destroy the
session. Example flow:
Security and best practices
- Use secure cookies (HTTPS) and set
session.cookie_secure=1in PHP when serving over TLS. - Consider setting
session.cookie_httponly=1to reduce the risk of XSS-based cookie theft. - Regenerate session ids on privilege changes (e.g. login) using
session_regenerate_id(true)in your authentication code path. This library intentionally does not regenerate an id on every open to keep behavior predictable and to avoid interfering with timeout logic. - Store only non-sensitive identifiers in sessions when possible. If you must store secrets, ensure your session storage is protected (e.g. server-side storage, not client-supplied).
Performance considerations
- This library opens and closes the session around each operation which helps avoid long-lived session locks in high-concurrency environments (AJAX requests, concurrent fetches).
- Avoid storing extremely large datasets in sessions to reduce IO and lock durations.
Testing
This project uses PHPUnit 9.6 for unit tests (the last PHPUnit series that
supports PHP 7.4). The repository includes a phpunit.xml.dist and a
tests/bootstrap.php bootstrap file.
Install dev dependencies (recommended):
Unix/macOS:
Windows (cmd.exe / PowerShell):
Run the test suite:
Unix/macOS:
Windows (cmd.exe / PowerShell):
Notes and troubleshooting
-
If you previously used the project's legacy KissTest runner, it has been replaced by PHPUnit as part of the migration. There is no need to run
php tests/index.phpfor automated test runs anymore. -
If you see messages from Xdebug such as "Could not connect to debugging client" or other output before tests run, those messages can cause
session_start()to fail because headers were already sent. The test bootstrap starts output buffering and theSessionclass includes a safe emulation fallback for environments where headers are already sent to keep tests deterministic. If you still encounter issues:- Temporarily disable Xdebug while running tests, or
- Ensure your terminal environment is not emitting extra startup output.
- To run a single test file or method, supply the path and optionally a filter, for example:
Continuous Integration
Example GitHub Actions job snippet (runs on Ubuntu):
Contributing
Contributions are welcome. A good contribution path:
- Fork the repository.
- Create a small, focused branch for your change.
- Add tests that cover the behavior you change or add.
- Run the test suite and ensure everything is green.
- Open a pull request with a clear description of the change.
License
MIT — see the LICENSE file for details.
Acknowledgements
Built by Joe Fallon. The test framework was migrated from the small KissTest runner to PHPUnit 9.6 to keep compatibility with PHP 7.4; thanks to the authors of both projects.
Contact
If you have questions or need help integrating phpsession, open an issue on GitHub: https://github.com/joefallon/phpsession
Built with ❤️ and the KISS principle.
