Download the PHP package ujjwal/psr7-http-session without Composer
On this page you can find all versions of the php package ujjwal/psr7-http-session. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Informations about the package psr7-http-session
PSR-7 Session
Alternative to PHP's native session handler. It does not depend on PHP's session capability. It can be used with non-typical php based applications like with react/http.
But, why?
- You don't have to depend on
session_
functions which means you can write testable code. - You don't have to depend on
$_SESSION
superglobal allowing you to write more testable code. - You can even use this for non-typical php based applications like with react/http.
- You can create a framework agnostic library/module depending on psr-7 HTTP message interfaces and this session library.
Getting started
Installation
composer require ujjwal/psr7-http-session
Session Options
name
Type: string Required: true
Name of the session which is used as cookie name. It should only contain alphanumeric characters.
sid_length
Type: integer Default: 40
the length of session ID string. Session ID length can be between 22 to 256.
cookie
Type: array
Used to pass cookie options. See cookie options section.
Cookie Options
domain
Type: string
Default: derived from the Host
header of request
domain to be set in the session cookie.
path
Type: string
Default: /
path to be set in the session cookie.
http_only
Type: boolean
Default: true
Marks the cookie as accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript.
secure_only
Type: boolean Default: True if the original request is https
It indicates whether cookies should only be sent over secure connections.
lifetime
Type: integer
Default: 0
for session cookie
It specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." Defaults to 0
same_site
Type: string
Default: Lax
Specifies SameSite
cookie attribute. Very useful to mitigate CSRF by preventing the browser from sending this cookie along with cross-site requests.
Allowed values:
- empty string for not setting the attribute
ParagonIE\Cookie\Cookie::SAME_SITE_RESTRICTION_LAX
(fairly strict)ParagonIE\Cookie\Cookie::SAME_SITE_RESTRICTION_STRICT
(very strict)
Basic operations
Initializing SessionManager
Starting session
Retrieve session id
Regenerate session id
Close session and write to response header as cookie
Retrieving session storage
It implements IteratorAggregate
, ArrayAccess
, Countable
So, it will look very much like $_SESSION
.
Just replace the $_SESSION
occurrences in your app with instance of the object.
Write to session
Read from session
Remove from session
Flush session data
Session Middleware
It also comes with a http middleware which you can use to automatically initialize session and write cookie to response.
The middleware is compatible with http-interop/http-middleware
based single pass approach or express-like double pass approach.
TODO
- [ ] Fix build in php7.2
- [ ] Garbage collection
- [ ] Cookie Based session handler
- [ ] Encryption Session Handler
License
MIT
All versions of psr7-http-session with dependencies
paragonie/cookie Version ^3.2.0
symfony/options-resolver Version ^3.3
zendframework/zend-math Version ^3.0
psr/http-message Version ^1.0
roave/security-advisories Version dev-master