Using Session

Normal PHP sessions will work exactly as expected, but this library also provides a more advanced session mechanism that you can take advantage of if you wish, in the form of the T_Session_Handler class.

Session CRUD

The session handler has get and set methods to associate a value with a string key; an exists method to check if a value is set; and a delete method to remove elements.

  1. <?php
  2. $session = $env->like('T_Session_Handler');
  3. $session->set('name','rob');
  4. if ($session->exists('name')) {
  5. echo $session->get('name'); // rob
  6. }
  8. // the second argument to get can be any
  9. // valid filter/callback function...
  10. echo $session->get('name','ucfirst'); // Rob
  12. // remove name element
  13. $session->delete('name');
  14. ?>

Managing Session

The session can be regenerated or destroyed via the session handler:

  1. <?php
  2. // regenerate on a change of permission level
  3. // to avoid session fixation
  4. if ($user = try_login($_POST)) {
  5. $session->regenerate();
  6. $session->set('user',$user->getId());
  7. }
  9. // .. or destroy to remove session.
  10. if ($logout) {
  11. $session->destroy();
  12. }
  13. ?>

How Session Data is Stored

By default the session data is stored using the native php session storage mechanism (usually file-based, but this will depend on your php.ini settings). However, you can configure the session handler to use a storage method of your choosing by writing your own "driver" that implements the T_Session_Driver interface.

  1. <?php
  2. class MySessionDriver implements T_Session_Driver
  3. {
  4. function save($data) { /* ... */ }
  5. function get() { /* ... */ }
  6. function regenerate() { /* ... */ }
  7. function destroy() { /* ... */ }
  8. }
  9. $session->addDriver(new MySessionDriver);
  10. // ^ remember to add your driver to session
  11. // *before* you start using it!
  12. ?>

Namespacing: Different Storage for Different Values

The session handler allows you to namespace the values you insert into session using the forward slash character, and then store differently namespaced data using different storage drivers.

For example, say your application maintains in session a mixture of non-sensitive data and sensitive user authentication tokens; it serves pages over either http and https with https being used whenever the sensitive user data is required.

In this case we decide we will store all sensitive user data under a 'user' namespace and will write our own session driver for these values that writes to/from a db and uses https cookies to identify the user. For all other data we will just use the normal PHP native session driver.

  1. <?php
  2. // setup in bootstrap
  3. class UserSessionDriver implements T_Session_Driver
  4. {
  5. function save($data) { /* ... */ }
  6. function get() { /* ... */ }
  7. function regenerate() { /* ... */ }
  8. function destroy() { /* ... */ }
  9. }
  10. $session = $env->like('T_Session_Handler');
  11. $session->addDriver(new T_Session_NativeDriver)
  12. ->addDriver(new UserSessionDriver,'user');
  14. // ... in use ...
  16. $session->set('user/id',$user->getId());
  17. $id = $session->set('user/id');
  18. // ^ stored in db, identified via https cookie
  20. $session->set('client','mobile');
  21. // ^ stored using native session handler
  22. ?>

How-Tos

Want to see the code?

If you want to poke around the code itself, you can use git to grab yourself a copy.

Reference

If you're already familar with the codebase but simply want to look something up, best to head over to the code reference.

Had enough of an introduction?