collecthor/yii2-session-auth

Session authentication for your API

v1.2.5 2022-09-23 14:25 UTC

This package is auto-updated.

Last update: 2024-10-23 19:05:35 UTC


README

When you expose an API you often have a different configuration for authentication. Most APIs use some kind of session-less authentication using tokens of some kind.

This component implements such session-less authentication where the token is the session key. It works by shortly opening the session to extract the relevant data, then aborting it using session_abort(). This means there is no write done to the session and locking (if using the standard file backend) is kept to a minimum.