Download the PHP package sobstel/sesshin without Composer
On this page you can find all versions of the php package sobstel/sesshin. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Information about the package sesshin
Sesshin
An object-oriented, extendable, advanced session handling component written with security in mind. It mitigates attacks such as Session Hijacking, Session Fixation, Session Exposure, Session Poisoning and Session Prediction.
Awarded 1st place in php.pl contest.
Features:
- smart session expiry control
- prevents session adoption, i.e. session ids generated only by the component are acceptable (strict model)
- sends cookie only when session really created
- session id rotation (anti session hijacking), based on time and/or number of requests
- configurable:
- unlike PHP native mechanism, you don't have to use cron or resource-consuming 100% garbage collecting probability to ensure sessions are removed exactly after specified time
- convention over configuration - possible to configure user-defined stores, listeners (observers), entropy callback and fingerprint generators, but all of them have defaults set out-of-the-box
- 100% independent from insecure native PHP session extension
Usage
Installation
Create new session
The session cookie is created only when create() is called (with the native PHP session handler, the cookie is present all the time, whether it's needed or not).
Open existing session
If the session was not created earlier, it is not opened and false is returned.
If you want to create a new session when one does not exist already, just pass true as the argument. It will call create() transparently.
Regenerate session id
Listen to special events
User session
Store
Sesshin provides default FileStore.
Note! Using /tmp as a directory is not secure on shared hosting.
Alternatively you can use one of numerous doctrine/cache providers.
You can also implement your own store using Sesshin\Store\StoreInterface.
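The note about /tmp above, turned into a check: this added example (not part of Sesshin or its README) creates an owner-only directory for file-based session storage and refuses one that is shared or loosely permissioned. The function name and the demo path are assumptions, and a POSIX host is assumed.

```php
<?php
// Added example; preparePrivateSessionDir() is a hypothetical helper, not Sesshin API.
function preparePrivateSessionDir(string $dir): string
{
    $dir = rtrim($dir, '/');

    // A symlink could redirect session files into a directory someone else controls.
    if (is_link($dir)) {
        throw new RuntimeException("$dir is a symlink");
    }
    // Create the directory readable, writable and listable by the owner only.
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("Cannot create $dir");
    }
    $real = realpath($dir);
    if ($real === false) {
        throw new RuntimeException("Cannot resolve $dir");
    }

    // Conservative choice of this example: reject the system temp directory
    // and anything beneath it, since other accounts on a shared host use it too.
    $tmp = realpath(sys_get_temp_dir());
    if ($tmp !== false && strpos($real . '/', $tmp . '/') === 0) {
        throw new RuntimeException("$real is inside the shared temp directory");
    }

    // No permission bits for group or other may be set.
    clearstatcache(true, $real);
    $mode = fileperms($real) & 0777;
    if ($mode & 0077) {
        throw new RuntimeException(sprintf('%s has mode %04o, expected 0700', $real, $mode));
    }
    // The directory must belong to the account PHP runs as (needs ext-posix).
    if (function_exists('posix_geteuid') && fileowner($real) !== posix_geteuid()) {
        throw new RuntimeException("$real is owned by another user");
    }
    return $real;
}

// Demo path constructed for this example; in production keep it outside the web root.
$sessionDir = preparePrivateSessionDir(__DIR__ . '/private_sessions_demo');
echo "Session files go in: $sessionDir\n";
```

The returned path is the directory to hand to a file-based store. Running the check at startup surfaces a changed owner or mode before any session data is written.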
Change entropy algorithm
Entropy is used to generate session id.
MyFancyEntropyGenerator must implement Sesshin\EntropyGenerator\EntropyGeneratorInterface.
Change session ID store
By default the session ID is stored in a cookie, but sometimes you may need to force the session ID, e.g. based on some token, query string variable, etc.
MyFancyIdStore must implement Sesshin\Id\Store\StoreInterface.