HTTP is stateless: a client computer must establish a new TCP network connection to the web server with each new request. The web server, therefore, cannot rely on an established TCP network connection for longer than a single HTTP GET or POST operation. Session management is the technique used by the web developer to make the stateless HTTP protocol support session state. For example, once a user has been authenticated to the web server, the user's next HTTP request should not cause the web server to ask for the user's account and password again.
sFire\Session\Session makes it a breeze to create new sessions to store and retrieve data so the application can "remember" if a user is already logged in, or which items the user has in his/her cart.
There are two session drivers you can use for storing data.
sFire\Session\Driver\Plain session is based on the PHP $_SESSION to store and retrieve data.
use sFire\Session\Session;
$session = new Session('Plain');
sFire\Session\Driver\Encrypted session will encrypt all the data server side for extra protection. It will use the AES-256-CBC method and SHA256 algorithm to encrypt the session.
use sFire\Session\Session;
$session = new Session('Encrypted');
Note: OpenSSL should be installed for this driver to work properly.
To use the session, we need to be able to obtain the session instance from almost anywhere in our code. To do so, edit app.php and add a new record to the services Array:
//Service providers
Application :: add('services', [
    'session' => function() {
        return new sFire\Session\Session('Plain'); //Using the Plain driver
    },
]);
In this case we used the Plain session driver. The instance is registered under the key "session", which is used to obtain it in controllers and models like this:
$session = $this -> service('session');
You can use the add method to store a new value into the session based on a key/value structure.
$session -> add(String $key, String $value);
$session -> add('foo', 'bar');
There are different ways to retrieve data from the session.
To retrieve the value based on a String key, you may use the get method.
echo $session -> get('foo');
To retrieve all the data stored in the session you can use the all method. This method will return an Array.
$data = $session -> all();
print_r($data);
You may also use the pull method to retrieve data (see the pull method in the removing data section for more details).
You can delete a key, pull a single key or even flush them all.
To delete a value you may use the remove method. This method deletes the data based on a String key.
$session -> remove('foo');
The pull method lets you read and delete the data for single use.
echo $session -> pull('foo'); //Outputs the value stored under "foo" and removes it afterwards
To delete all data you may use the flush method.
$session -> flush();
If you want to check if a key exists, you can use the has method. This method will return a Boolean true if the key exists and a Boolean false if not.
$exists = $session -> has('foo');
var_dump($exists); //Outputs true/false
You can retrieve the session id by calling the getSessionId method.
$session -> getSessionId();
As its name says, the regenerate method replaces the current session id with a new one and keeps the current session information.
It mainly helps prevent session fixation attacks. A session fixation attack is one in which a malicious user tries to exploit a vulnerability in a system to fixate (set) the session ID (SID) of another user. By doing so, they get complete access as the original user and are able to do tasks that would otherwise require authentication.
To prevent such attacks, you can use the regenerate method to regenerate the session id.
$session -> regenerate();
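Where the regenerate call belongs in a login flow, as an added example that is not part of the sFire documentation or code base. DemoSession is a constructed stand-in exposing only methods documented on this page, and login and logout are hypothetical helpers.

```php
<?php
// Constructed stand-in exposing only methods documented on this page, so the
// example runs without the framework. In sFire use $this -> service('session').
class DemoSession {
    private $id;
    private $data = [];
    public function __construct($id) { $this -> id = $id; }
    public function add($key, $value) { $this -> data[$key] = $value; }
    public function get($key) { return $this -> data[$key] ?? null; }
    public function has($key) { return isset($this -> data[$key]); }
    public function flush() { $this -> data = []; }
    public function getSessionId() { return $this -> id; }
    // New random id, stored data kept (the behaviour this page describes)
    public function regenerate() { $this -> id = bin2hex(random_bytes(16)); }
}

// Hypothetical login helper; $hash is a stored password_hash() value.
function login($session, $userId, $password, $hash) {
    if(false === password_verify($password, $hash)) {
        return false; //Failed login: id and data are left untouched
    }
    // Replace the id BEFORE storing the identity, so an id that was set in
    // the browser before login never becomes an authenticated one.
    $session -> regenerate();
    $session -> add('user_id', (string) $userId);
    return true;
}

// Hypothetical logout helper: drop the data and retire the id as well.
function logout($session) {
    $session -> flush();
    $session -> regenerate();
}

// Constructed scenario: this id stands for one fixed before login.
$session = new DemoSession('id-fixed-before-login');
$session -> add('cart', 'item-42');
$hash = password_hash('correct horse', PASSWORD_DEFAULT);

var_dump(login($session, 7, 'wrong guess', $hash));   //Wrong password attempt
var_dump($session -> getSessionId());                 //Id after the failed attempt
var_dump(login($session, 7, 'correct horse', $hash)); //Correct password
var_dump($session -> getSessionId());                 //Id after login
var_dump($session -> get('cart'));                    //Cart entry added before login
logout($session);
var_dump($session -> has('user_id'));                 //Identity key after logout
var_dump($session -> getSessionId());                 //Id after logout
```

In an sFire controller the same two helpers can be passed the instance returned by the "session" service in place of DemoSession.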