dorcyv / jwt-session-bundle
Provide a client side session with JWT tokens
Installs: 599
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 1
Forks: 1
Open Issues: 0
Type:symfony-bundle
Requires
- php: >=7.1
- doctrine/collections: ^1.5
- lcobucci/jwt: ^3.2
- symfony/config: >=3.4
- symfony/dependency-injection: >=3.4
- symfony/event-dispatcher: >=3.4
- symfony/http-foundation: >=3.4
- symfony/http-kernel: >=3.4
This package is not auto-updated.
Last update: 2024-09-29 06:02:28 UTC
README
JwtSessionBundle is a PHP session replacement. Instead of use FileSystem, just use Json Web Token. Compatible with Symfony 3.4 and 4
Motivation
The default PHP Session does not work in different servers using round robin or other algorithms. This occurs because PHP Session are saved by default in the file system.
There are implementations can save the session to REDIS or MEMCACHED, for example. But this requires to you create a new server to store this session and creates a single point of failure. To avoid this you have to create REDIS/MEMCACHED clusters.
But if you save the session into JWT Token you do not need to create a new server. Just to use.
Security information
The JWT Token cannot be changed, but it can be read. This implementation save the JWT into a client cookie. Because of this do not store in the JWT Token sensible data like passwords.
Installation
Run composer require dorcyv/jwt-session-bundle
Set the session handler in the config/packages/framework.yaml
file:
framework: session: handler_id: Dorcyv\JwtSessionBundle\Session\JwtSessionHandler
That's it !