Download the PHP package sobstel/sesshin without Composer
On this page you can find all versions of the php package sobstel/sesshin. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package sesshin
Sesshin
Object-oriented, extendable advanced session handling component written with security in mind that mitigates attacks like Session Hijacking, Session Fixation, Session Exposure, Sesion Poisoning, Session Prediction.
Awarded 1st place in php.pl contest.
Features:
- smart session expiry control
- prevents session adoption, i.e. session ids generated only by the component are acceptable (strict model)
- sends cookie only when session really created
- session id rotation (anti session hijacking), based on time and/or number of requests
- configurable:
- unlike PHP native mechanism, you don't have to use cron or resource-consuming 100% garbage collecting probability to ensure sessions are removed exactly after specified time
- convention over configuration - possible to configure user-defined stores, listeners (observers), entropy callback and fingerprint generators, but all of them have defaults set out-of-the-box
- 100% independent from insecure native PHP session extension
Usage
Installation
Create new session
Only when create() called, session cookie is created (for native PHP session
handler cookie is present all the time whether it's needed or not).
Open existing session
If session was not created earlier, session is not opened and false is returned.
If you want to create new session if it does not exist already, just pass true
as argument. It will call create() transparently.
Regenerate session id
Listen to special events
User session
Store
Sesshin provides default FileStore.
Note! Using /tmp as a directory is not secure on shared hosting.
Alternatively you can use one of numerous doctrine/cache providers.
You can also implement your own store using Sesshin\Store\StoreInterface.
Change entropy algorithm
Entropy is used to generate session id.
MyFancyEntropyGenerator must implement Sesshin\EntropyGenerator\EntropyGeneratorInterface.
Change session ID store
By default session ID is stored in cookie, but sometimes you may need to force session id, eg. based on some token, query string var, etc.
MyFancyIdStore must implement Sesshin\Id\Store\StoreInterface.
