NativeSessionStorage
class NativeSessionStorage implements SessionStorageInterface
This provides a base class for session attribute storage.
Properties
protected SessionBagInterface[] | $bags | ||
protected bool | $started | ||
protected bool | $closed | ||
protected AbstractProxy|SessionHandlerInterface | $saveHandler | ||
protected MetadataBag | $metadataBag |
Methods
Depending on how you want the storage driver to behave you probably want to override this constructor entirely.
Gets the save handler instance.
Starts the session.
Returns the session ID.
Sets the session ID.
Returns the session name.
Sets the session name.
Regenerates id that represents this storage.
Force the session to be saved and closed.
Clear all session data in memory.
Gets a SessionBagInterface by name.
Gets the MetadataBag.
Checks if the session is started.
Sets session.* ini variables.
Registers session save handler as a PHP session handler.
Load the session with attributes.
Details
__construct(array $options = array(), SessionHandlerInterface|null $handler = null, MetadataBag $metaBag = null)
Depending on how you want the storage driver to behave you probably want to override this constructor entirely.
List of options for $options array with their defaults.
bool
regenerate(bool $destroy = false, int $lifetime = null)
Regenerates id that represents this storage.
This method must invoke session_regenerate_id($destroy) unless this interface is used for a storage object designed for unit or functional testing where a real PHP session would interfere with testing.
Note regenerate+destroy should not clear the session data in memory only delete the session data from persistent storage.
Care: When regenerating the session ID no locking is involved in PHP's session design. See https://bugs.php.net/bug.php?id=61470 for a discussion. So you must make sure the regenerated session is saved BEFORE sending the headers with the new ID. Symfony's HttpKernel offers a listener for this. See Symfony\Component\HttpKernel\EventListener\SaveSessionListener. Otherwise session data could get lost again for concurrent requests with the new ID. One result could be that you get logged out after just logging in.
save()
Force the session to be saved and closed.
This method must invoke session_write_close() unless this interface is used for a storage object design for unit or functional testing where a real PHP session would interfere with testing, in which case it should actually persist the session data if required.
setOptions(array $options)
Sets session.* ini variables.
For convenience we omit 'session.' from the beginning of the keys. Explicitly ignores other ini keys.
setSaveHandler(SessionHandlerInterface|null $saveHandler = null)
Registers session save handler as a PHP session handler.
To use internal PHP session save handlers, override this method using ini_set with session.save_handler and session.save_path e.g.
ini_set('session.save_handler', 'files');
ini_set('session.save_path', '/tmp');
or pass in a \SessionHandler instance which configures session.save_handler in the constructor, for a template see NativeFileSessionHandler or use handlers in composer package drak/native-session
protected
loadSession(array $session = null)
Load the session with attributes.
After starting the session, PHP retrieves the session from whatever handlers are set to (either PHP's internal, or a custom save handler set with session_set_save_handler()). PHP takes the return value from the read() handler, unserializes it and populates $_SESSION with the result automatically.