Client side encrypted sessions for Silex

v1.1 2019-02-17 21:27 UTC

This package is auto-updated.

Last update: 2021-03-18 10:28:07 UTC


Beta Status

cookie icon by Rashida Luqman Kheriwala from the Noun Project

This package provides client side, cookie based sessions for Silex. It is a standalone implementation and does not use Symfony's session mechanism. Session data is stored in a cookie, allowing excellent horizontal scalability. The serialized data is encrypted using defuse/php-encryption to ensure it is safe in the wild.


Installation is easy via composer:

composer require ronanchilvers/silex-sessions


Firstly you need to add the service provider. There are various configuration options (detailed below) but you must at least provide an encryption key. See the key generation section below for details on creating a secure key.

$app->register(new Ronanchilvers\Silex\Sessions\SessionProvider(), [
    'encryption.key' => $secureKey
]);

Configuration options

There are various configuration options you can use, mostly to tweak the cookie storage the session uses. These are:

  • - The name of the session cookie
  • cookie.expire - Expiry time for the cookie - by default when the browser closes
  • cookie.path - The cookie path - '/' by default
  • cookie.domain - The cookie domain - empty by default
  • - Whether the session cookie should only be valid for HTTPS connections
  • cookie.http.only - Whether the cookie should only be available via HTTP (that is, not readable by client-side scripts)
  • encryption.key - The secure encryption key to use for encrypting and decrypting the cookie payload


SessionProvider registers a couple of services on the container:

  • A session service, the standard session interface. This service has the usual get(), set(), addFlash() and getFlash() methods available.
  • If you're using knplabs/console-service-provider you'll also get a session:key:generate command to use for key generation. NB: Make sure that you register the console provider before the session provider.

// Set session variables
$app['session']->set('name', 'Fred Bloggs');
$app['session']->set('stuff', ['data' => 123]);
$app['session']->addFlash('notice', 'Yeehaa!');

// Get them out again
$name = $app['session']->get('name');
// With a default
$stuff = $app['session']->get('stuff', []);

// Get the flashes for a particular type
foreach ($app['session']->getFlashes('notice') as $message) {
    // Escape on output in case a flash message ever carries user-supplied text
    echo '<p>Notice : ' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '</p>';
}

Symfony Web Profiler Support

A data collector for the Symfony Web Profiler is included. To use it you need to first add the silex/web-profiler package to your project. Then enable the web profiler providers like so:

$app->register(new Silex\Provider\WebProfilerServiceProvider(), [
    'profiler.cache_dir' => 'a directory somewhere',
]);
$app->register(new Ronanchilvers\Silex\Sessions\SessionWebProfilerProvider());

You should then start seeing a new button on the profiler toolbar and a new panel showing the session contents.

Encryption Key Generation

Generating a decently secure encryption key is important to maintain the security of the session data. This package provides a Symfony console command to generate and output an ASCII safe key which you can store in a config file. The console command is added automatically if you're using knplabs/console-service-provider.

$ php bin/console session:key:generate
Generating new random encryption key
Key : aaf2234228005e7766c2e5075d9d229a4ff9fd0788a8c1d4dde08b1aa3a3d0e413c7694174201e20989fcb9db8238a8b6bdb1277f3d0e413c766c2e5075d9d2197d4d5b
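The encrypted-cookie idea described above, sketched directly against defuse/php-encryption as an added example (not this package's own code). The helpers sealSession() and openSession() and the 4096-byte budget are assumptions made for illustration, and the script assumes PHP 7.3+ with defuse/php-encryption installed via composer.

```php
<?php
// Added illustration, not the package's own code. Requires PHP 7.3+.
require __DIR__ . '/vendor/autoload.php'; // assumes defuse/php-encryption via composer

use Defuse\Crypto\Crypto;
use Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException;
use Defuse\Crypto\Key;

const MAX_COOKIE_BYTES = 4096; // assumed per-cookie size budget

// Hypothetical helper: serialize and encrypt session data into a cookie value.
function sealSession(array $data, Key $key): string
{
    // Crypto::encrypt() returns authenticated ciphertext as a hex string.
    $cookie = Crypto::encrypt(json_encode($data, JSON_THROW_ON_ERROR), $key);
    if (strlen($cookie) > MAX_COOKIE_BYTES) {
        throw new LengthException('Session data too large for a cookie');
    }
    return $cookie;
}

// Hypothetical helper: decrypt a cookie value; anything that fails
// authentication is discarded and the visitor gets an empty session.
function openSession(string $cookie, Key $key): array
{
    try {
        $json = Crypto::decrypt($cookie, $key);
        return json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    } catch (WrongKeyOrModifiedCiphertextException | JsonException $e) {
        return [];
    }
}

// Generate a key once, keep the ASCII-safe string in config, reload per request.
$stored = Key::createNewRandomKey()->saveToAsciiSafeString();
$key = Key::loadFromAsciiSafeString($stored);

$cookie = sealSession(['name' => 'Fred Bloggs', 'stuff' => ['data' => 123]], $key);
var_dump(openSession($cookie, $key)); // round trip with the right key

// Constructed tampering: change one hex character of the cookie value.
$tampered = $cookie;
$tampered[40] = $tampered[40] === '0' ? '1' : '0';
var_dump(openSession($tampered, $key));

// A cookie sealed under a different key is rejected the same way.
var_dump(openSession($cookie, Key::createNewRandomKey()));
```

Encryption protects the confidentiality and integrity of the payload, but an unmodified older cookie still decrypts correctly until it expires, so a client-side session cannot be revoked from the server.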