Secure sessions over native PHP handlers
The Symfony HttpFoundation component has a very powerful and flexible session subsystem which is designed to provide session management through a clear object-oriented interface using a variety of session storage drivers. Currently, this package was pulled out of Symfony HttpFoundation component to be used as standalone in any php project and support psr 7.
Sessions were previouly provided by the Symfony's HttpFoundation component, which is included in all Symfony applications, no matter how you installed it. But now, that have changed. Sessions can work on any project with or without psr 7.
Please note that you can get the documentation for this dependency on Symfony website, sessions
The recommended way to install Sessions Manager is via Composer:
composer require biurad/biurad-sessions
It requires PHP version 7.1 and supports PHP up to 7.4. The dev-master version requires PHP 7.2.
Symfony sessions was desinged to make sure your PHP session isn't already started before using the Session class. But this package that's work with that rule, you can start sessions, as long as Session class is booted before starting sessions.
Symfony sessions are designed to replace several native PHP functions. Applications should avoid using session_start(), session_regenerate_id(), session_id(), session_name(), and session_destroy() and instead use the APIs in the following section.
While it is recommended to explicitly start a session, a session will actually start on demand, that is, if any session request is made to read/write session data.
Symfony sessions are incompatible with php.ini directive session.auto_start = 1 This directive should be turned off in php.ini, in the webserver directives or in .htaccess.
The Session has the following API, divided into a couple of groups.
Session Workflow - use
Starts the session
migrate() - do not use session_start().
Regenerates the session ID - do not use session_regenerate_id(). This method can optionally change the lifetime of the new cookie that will be emitted by calling this method. - use
Clears all session data and regenerates session ID. Do not use session_destroy().
Gets the session ID - use
getId() method. Do not use session_id().
Sets the session ID - use
setId() method. Do not use session_id().
Gets the session name - use
getName() method. Do not use session_name().
Sets the session name - use
setName() method. Do not use session_name().
To start using Sessions, boot it like this:
use BiuradPHP\Session\Session; use BiuradPHP\Session\Config\SessionConfig; use function getcwd; // boot sessions. $config = new SessionConfig(['driver' => 'file://'. getcwd()]); $sessions = new Session($config); // To get a session, use the 'getSection' method. $key = $sessions->getSection()->get('key'); //...
Please see CHANGELOG for more information what has changed recently.
Please see CONTRIBUTING for details.
To run the tests you'll have to start the included node based server if any first in a separate terminal window.
With the server running, you can start testing.
If you discover any security related issues, please report using the issue tracker. use our example Issue Report template.
You're free to use this package, but if it makes it to your production environment we highly appreciate you sending us a message on our website, mentioning which of our package(s) you are using.
We publish all received request's on our website;
Biurad Lap is a technology agency in Accra, Ghana. You'll find an overview of all our open source projects on our website.
Does your business depend on our contributions? Reach out and support us on to build more project's. We want to build over one hundred project's in two years. Support Us achieve our goal.
Reach out and support us on Patreon. All pledges will be dedicated to allocating workforce on maintenance and new awesome stuff.
The BSD-3-Clause . Please see License File for more information.