PHP download

Download the PHP package juliangut/sessionware without Composer

On this page you can find all versions of the php package juliangut/sessionware. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download juliangut/sessionware
More information about juliangut/sessionware
Files in juliangut/sessionware

Vendor juliangut
Package sessionware
Short Description PSR7 session management middleware
License BSD-3-Clause
Homepage https://github.com/juliangut/sessionware

Keywords middleware session psr7

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of juliangut/sessionware

Informations about the package sessionware

SessionWare

A PSR7 session management middleware.

Automatic control of session timeout.

Generates a 80 character long session_id using random_bytes, a truly cryptographically secure pseudo-random generator, instead of session.hash_function hash algorithm.

Important considerations

Be aware that this middleware needs some session ini settings to be set to specific values:

session.use_trans_sid to false session.use_cookies to true session.use_only_cookies to true session.use_strict_mode to false session.cache_limiter to '' (empty string)

This values will prevent session headers to be automatically sent to user. It's the developer's responsibility to include corresponding cache headers in response object, which should be the case in the first place instead of relying on PHP environment settings.

You can use juliangut/cacheware which will automatically set the corrent session ini settings and add the corresponding cache headers to response object.

By using session_regenerate_id() during execution cryptographically secure session ID will be replaced by default PHP session.hash_function generated ID (not really secure). To prevent this from happening use \Jgut\Middleware\Session helper method regenerateSessionId() instead:

Installation

Composer

Usage

Integrated on a Middleware workflow:

Session helper

There is an extra Session helper to abstract access to the $_SESSION variable. This is usefull for example when NOT accessing global variables is important for you (such as when using PHP_MD to statically analise your code)

In order to benefit from SessionWare cryptographically secure generated session id DO use

Config

Default values mimic those provided by default PHP installation so the middleware can be used as a direct drop-in with automatic session timeout control

timeoutKey

Parameter stored in session array to control session validity according to lifetime parameter. Defaults to

It is advised not to change this value unless it conflicts with one of your own session keys (which is unlikely if not directly impossible)

name

Assigns session name, default PHP PHPSESSID session name will be used if none provided.

Review Important note below.

savePath

This configuration is used only if default 'files' session save handler is selected in session.save_handler.

Assigns the path to store session files. If none provided sys_get_temp_dir(), session_save_path() and session 'name' will be used to compose a unique path.

Review Important note below.

lifetime

Number of seconds for the session to be considered valid. uses session.gc_maxlifetime and session.cookie_lifetime to discover PHP configured session lifetime if none provided. Finally it defaults to SessionWare::SESSION_LIFETIME_DEFAULT (24 minutes) if previous values are not available or their value is zero.

There are six session lifetime constants available for convenience:

SESSION_LIFETIME_FLASH = 5 minutes
SESSION_LIFETIME_SHORT = 10 minutes
SESSION_LIFETIME_NORMAL = 15 minutes
SESSION_LIFETIME_DEFAULT = 24 minutes
SESSION_LIFETIME_EXTENDED = 1 hour
SESSION_LIFETIME_INFINITE = PHP_INT_MAX, around 1145 years on x86_64 architecture

path, domain, secure and httponly

Shortcuts to session.cookie_path, session.cookie_domain, session.cookie_secure and session.cookie_httponly. If not provided configured cookie params will be used, so can be set using session_set_cookie_params() before middleware run.

Events

You can listen to timeout events to perform actions accordingly. There are currently two events

pre.session_timeout triggered right before session is wiped when session timeout is reached
post.session_timeout triggered right after session has been restarted due to session timeout

Events provide sessionId as parameter:

Important note

Using default 'files' session save handler

If you define a session 'lifetime' you MUST set a session 'savePath' or a session 'name' (different to PHPSESSID). This is to separate session files from other PHP scripts session files, for the garbage collector to handle expired files removal correctly.

Be aware that if this condition is not met starting a session might remove session files from other script/application as they are all located in the same directory and there is no way for the garbage collector to tell which script/application they belong to.

Using custom session save handler

Distinguishing between different script/application session files shouldn't be a problem in this case. But be carefull not to send cookie headers (setcookie) directly to the client but to include them in the response object instead.

Contributing

Found a bug or have a feature request? Please open a new issue. Have a look at existing issues before.

See file CONTRIBUTING.md

License

See file LICENSE included with the source code for a copy of the license terms.

All versions of sessionware with dependencies

PHP Build Version

Package Version

Version 1.2.1 Release 16. Sep 2016
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of sessionware from vendor juliangut

Requires php Version >=5.5
symfony/polyfill-php56 Version ^1.0
symfony/polyfill-php70 Version ^1.0
psr/http-message Version ^1.0
league/event Version ^2.1

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package juliangut/sessionware contains the following files

Loading the files please wait ....