W3cubDocs

/Symfony 4.1

NativeSessionStorage

class NativeSessionStorage implements SessionStorageInterface

This provides a base class for session attribute storage.

Properties

protected SessionBagInterface[] $bags
protected bool $started
protected bool $closed
protected AbstractProxy|SessionHandlerInterface $saveHandler
protected MetadataBag $metadataBag

Methods

__construct(array $options = array(), SessionHandlerInterface|null $handler = null, MetadataBag $metaBag = null)

Depending on how you want the storage driver to behave you probably want to override this constructor entirely.

AbstractProxy|SessionHandlerInterface getSaveHandler()

Gets the save handler instance.

bool start()

Starts the session.

string getId()

Returns the session ID.

setId(string $id)

Sets the session ID.

mixed getName()

Returns the session name.

setName(string $name)

Sets the session name.

bool regenerate(bool $destroy = false, int $lifetime = null)

Regenerates id that represents this storage.

save()

Force the session to be saved and closed.

clear()

Clear all session data in memory.

registerBag(SessionBagInterface $bag)

Registers a SessionBagInterface for use.

SessionBagInterface getBag(string $name)

Gets a SessionBagInterface by name.

setMetadataBag(MetadataBag $metaBag = null)
MetadataBag getMetadataBag()

Gets the MetadataBag.

bool isStarted()

Checks if the session is started.

setOptions(array $options)

Sets session.* ini variables.

setSaveHandler(SessionHandlerInterface|null $saveHandler = null)

Registers session save handler as a PHP session handler.

loadSession(array $session = null)

Load the session with attributes.

Details

__construct(array $options = array(), SessionHandlerInterface|null $handler = null, MetadataBag $metaBag = null)

Depending on how you want the storage driver to behave you probably want to override this constructor entirely.

List of options for $options array with their defaults.

Parameters

array $options Session configuration options
SessionHandlerInterface|null $handler
MetadataBag $metaBag MetadataBag

See also

http://php.net/session.configuration for options but we omit 'session.' from the beginning of the keys for convenience. ("auto_start", is not supported as it tells PHP to start a session before PHP starts to execute user-land code. Setting during runtime has no effect). cache_limiter, "" (use "0" to prevent headers from being sent entirely). cache_expire, "0" cookie_domain, "" cookie_httponly, "" cookie_lifetime, "0" cookie_path, "/" cookie_secure, "" gc_divisor, "100" gc_maxlifetime, "1440" gc_probability, "1" lazy_write, "1" name, "PHPSESSID" referer_check, "" serialize_handler, "php" use_strict_mode, "0" use_cookies, "1" use_only_cookies, "1" use_trans_sid, "0" upload_progress.enabled, "1" upload_progress.cleanup, "1" upload_progress.prefix, "upload_progress_" upload_progress.name, "PHP_SESSION_UPLOAD_PROGRESS" upload_progress.freq, "1%" upload_progress.min-freq, "1" url_rewriter.tags, "a=href,area=href,frame=src,form=,fieldset=" sid_length, "32" sid_bits_per_character, "5" trans_sid_hosts, $_SERVER['HTTP_HOST'] trans_sid_tags, "a=href,area=href,frame=src,form="

AbstractProxy|SessionHandlerInterface getSaveHandler()

Gets the save handler instance.

Return Value

AbstractProxy|SessionHandlerInterface

bool start()

Starts the session.

Return Value

bool True if started

Exceptions

RuntimeException if something goes wrong starting the session

string getId()

Returns the session ID.

Return Value

string The session ID or empty

setId(string $id)

Sets the session ID.

Parameters

string $id

mixed getName()

Returns the session name.

Return Value

mixed The session name

setName(string $name)

Sets the session name.

Parameters

string $name

bool regenerate(bool $destroy = false, int $lifetime = null)

Regenerates id that represents this storage.

This method must invoke session_regenerate_id($destroy) unless this interface is used for a storage object designed for unit or functional testing where a real PHP session would interfere with testing.

Note regenerate+destroy should not clear the session data in memory only delete the session data from persistent storage.

Care: When regenerating the session ID no locking is involved in PHP's session design. See https://bugs.php.net/bug.php?id=61470 for a discussion. So you must make sure the regenerated session is saved BEFORE sending the headers with the new ID. Symfony's HttpKernel offers a listener for this. See Symfony\Component\HttpKernel\EventListener\SaveSessionListener. Otherwise session data could get lost again for concurrent requests with the new ID. One result could be that you get logged out after just logging in.

Parameters

bool $destroy Destroy session when regenerating?
int $lifetime Sets the cookie lifetime for the session cookie. A null value will leave the system settings unchanged, 0 sets the cookie to expire with browser session. Time is in seconds, and is not a Unix timestamp.

Return Value

bool True if session regenerated, false if error

Exceptions

RuntimeException If an error occurs while regenerating this storage

save()

Force the session to be saved and closed.

This method must invoke session_write_close() unless this interface is used for a storage object design for unit or functional testing where a real PHP session would interfere with testing, in which case it should actually persist the session data if required.

Exceptions

RuntimeException if the session is saved without being started, or if the session is already closed

clear()

Clear all session data in memory.

registerBag(SessionBagInterface $bag)

Registers a SessionBagInterface for use.

Parameters

SessionBagInterface $bag

SessionBagInterface getBag(string $name)

Gets a SessionBagInterface by name.

Parameters

string $name

Return Value

SessionBagInterface

Exceptions

InvalidArgumentException If the bag does not exist

setMetadataBag(MetadataBag $metaBag = null)

Parameters

MetadataBag $metaBag

MetadataBag getMetadataBag()

Gets the MetadataBag.

Return Value

MetadataBag

bool isStarted()

Checks if the session is started.

Return Value

bool True if started, false otherwise

setOptions(array $options)

Sets session.* ini variables.

For convenience we omit 'session.' from the beginning of the keys. Explicitly ignores other ini keys.

Parameters

array $options Session ini directives array(key => value)

See also

http://php.net/session.configuration

setSaveHandler(SessionHandlerInterface|null $saveHandler = null)

Registers session save handler as a PHP session handler.

To use internal PHP session save handlers, override this method using ini_set with session.save_handler and session.save_path e.g.

ini_set('session.save_handler', 'files');
ini_set('session.save_path', '/tmp');

or pass in a \SessionHandler instance which configures session.save_handler in the constructor, for a template see NativeFileSessionHandler or use handlers in composer package drak/native-session

Parameters

SessionHandlerInterface|null $saveHandler

Exceptions

InvalidArgumentException

See also

http://php.net/session-set-save-handler
http://php.net/sessionhandlerinterface
http://php.net/sessionhandler
http://github.com/drak/NativeSession

protected loadSession(array $session = null)

Load the session with attributes.

After starting the session, PHP retrieves the session from whatever handlers are set to (either PHP's internal, or a custom save handler set with session_set_save_handler()). PHP takes the return value from the read() handler, unserializes it and populates $_SESSION with the result automatically.

Parameters

array $session