collecthor / yii2-session-auth
Session authentication for your API
Installs: 14 606
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Requires
- php: >= 8.1
Requires (Dev)
- captainhook/captainhook: ^5.10
- captainhook/plugin-composer: ^5.3
- phpunit/phpunit: ^9.5
- ramsey/conventional-commits: ^1.3
- symplify/easy-coding-standard: ^10.1
- vimeo/psalm: ^4.21
- yiisoft/yii2: ^2.0
README
When you expose an API you often have a different configuration for authentication. Most APIs use some kind of session-less authentication using tokens of some kind.
This component implements such session-less authentication where the token is the session key.
It works by shortly opening the session to extract the relevant data, then aborting it using session_abort()
. This means
there is no write done to the session and locking (if using the standard file backend) is kept to a minimum.