Download the PHP package silverstripe/hybridsessions without Composer
On this page you can find all versions of the php package silverstripe/hybridsessions. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download silverstripe/hybridsessions
More information about silverstripe/hybridsessions
Files in silverstripe/hybridsessions
Package hybridsessions
Short Description Cookie/DB session support for SilverStripe
License BSD-3-Clause
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package hybridsessions
Hybrid Sessions
Introduction
Adds a session handler that tries storing the session in an encrypted cookie when possible, and if not ( because the session is too large, or headers have already been set) stores it in the database.
This allows using Silverstripe on multiple servers without sticky sessions (as long as you solve other multi-server issues like asset storage and databases).
Limitations
- MySQL database is the only supported DB store.
Installation
Setup
/dev/build?flush=allto setup the necessary tables- In order to initiate the session handler is is necessary to add a snippet of code to your
_config.phpfile, along with a private key used to encrypt user cookies.
in app/src/_config.php:
Security
As long as the key is unguessable and secret, generally this should be as secure as server-side-only cookies. The one exception is that cookie sessions are vulnerable to replay attacks. This is only a problem if you're storing stuff you shouldn't in the session anyway, but it's important you understand the issue. Ruby on rails has good documentation of the issue at http://guides.rubyonrails.org/security.html#replay-attacks-for-cookiestore-sessions
Crypto handlers
This module ships with two default cryptographic handlers:
OpenSSLCrypto: uses the OpenSSL library (default).
You can also implement your own cryptographic handler by creating a class that implements the
SilverStripe\HybridSessions\Crypto\CryptoHandler interface.
To configure the active handler, add YAML configuration to your project:
Caveats
This module is not fully compatible with the testsession module, as the database store is not available prior to DB connectivity, which uses the session to dictate DB connections. Data smaller than 1000 bytes may still be stored via the cookie store, but larger data sets will be lost.
