class HybridSessionStore_Cookie extends HybridSessionStore_Base

Class HybridSessionStore_Cookie

A session store which stores the session data in an encrypted & signed cookie.

This way the server doesn't need to open a database connection or have a shared filesystem for reading the session from - the client passes through the session with every request.

This approach does have some limitations - cookies can only be quite small (4K total, but we limit to 1K) and can only be set before the server starts sending a response.

So we clear the cookie on Session startup (which should always be before the headers get sent), but just fail on Session write if we can't use cookies, assuming there's something watching for that and providing a fallback.
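The encrypted and signed cookie with its 1K budget, as an added example that is not this class's own code: a sketch of encrypt-then-MAC sealing that returns null when the result is too large, so a caller can fall back to another store. The function names, the AES-256-CTR plus HMAC-SHA256 construction, the per-session key derivation and the cookie layout are all assumptions; it needs PHP's openssl extension.

```php
<?php
// Added example; hypothetical helpers, not HybridSessionStore_Cookie's implementation.
const MAX_COOKIE_BYTES = 1024; // the 1K budget described above

function deriveKeys(string $secret, string $sessionId): array
{
    // Separate encryption and MAC keys, bound to the session ID (assumption).
    return [hash_hmac('sha256', 'enc|' . $sessionId, $secret, true),
            hash_hmac('sha256', 'mac|' . $sessionId, $secret, true)];
}

function sealSession(string $data, string $secret, string $sessionId, int $expires): ?string
{
    [$encKey, $macKey] = deriveKeys($secret, $sessionId);
    $iv = random_bytes(16);
    $ct = openssl_encrypt($data, 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) { return null; }
    $body = pack('J', $expires) . $iv . $ct; // expiry and IV are covered by the MAC
    $cookie = base64_encode($body . hash_hmac('sha256', $body, $macKey, true));
    // Over budget: report failure so the caller can use a fallback store.
    return strlen($cookie) <= MAX_COOKIE_BYTES ? $cookie : null;
}

function openSession(string $cookie, string $secret, string $sessionId, int $now): ?string
{
    [$encKey, $macKey] = deriveKeys($secret, $sessionId);
    $raw = base64_decode($cookie, true);
    if ($raw === false || strlen($raw) < 8 + 16 + 32) {
        return null;
    }
    $body = substr($raw, 0, -32);
    // Verify the MAC in constant time before decrypting anything.
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), substr($raw, -32))) {
        return null;
    }
    if (unpack('J', $body)[1] < $now) { return null; } // authentic but expired
    $pt = openssl_decrypt(substr($body, 24), 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, substr($body, 8, 16));
    return $pt === false ? null : $pt;
}

// Constructed sample values.
$secret = random_bytes(32);
$cookie = sealSession('user_id|i:42;', $secret, 'sess-abc', time() + 3600);
var_dump(openSession($cookie, $secret, 'sess-abc', time()));   // round trip
$raw = base64_decode($cookie);
$raw[30] = chr(ord($raw[30]) ^ 1);                             // flip one ciphertext bit
var_dump(openSession(base64_encode($raw), $secret, 'sess-abc', time()));
var_dump(sealSession(str_repeat('x', 2000), $secret, 'sess-abc', time() + 60));
```

The expiry timestamp sits inside the authenticated body, so a client cannot extend a session by editing the cookie; a real write path would also check `headers_sent()` before calling `setcookie()`.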

Properties

protected string $key

Session secret key

from HybridSessionStore_Base
protected HybridSessionStore_Crypto $crypto

Encryption service

string $cookie

Name of cookie

protected string $currentCookieData

Known unmodified value of this cookie. If the cookie backend has been read into the application, then the backend is unable to verify the modification state of this value internally within the system, so this will be left null unless written back.

Methods

public
setKey(string $key)

Assign a new session secret key

protected
string
getKey()

Get the session secret key

protected
int
getLifetime()

Get lifetime in number of seconds

protected
int
getNow()

Gets the current unix timestamp

public
open($save_path, $name)

No description

public
close()

No description

protected
getCrypto(string $session_id)

Get the cryptography store for the specified session

public
read($session_id)

No description

protected
bool
canWrite()

Determine if the session could be verifiably written to cookie storage

public
write($session_id, $session_data)

No description

public
destroy($session_id)

No description

public
gc($maxlifetime)

No description

Details

setKey(string $key)

Assign a new session secret key

Parameters

string $key

protected string getKey()

Get the session secret key

Return Value

string

protected int getLifetime()

Get lifetime in number of seconds

Return Value

int

protected int getNow()

Gets the current unix timestamp

Return Value

int

open($save_path, $name)

No description

Parameters

$save_path
$name

close()

No description

protected HybridSessionStore_Crypto getCrypto(string $session_id)

Get the cryptography store for the specified session

Parameters

string $session_id

Return Value

HybridSessionStore_Crypto

read($session_id)

No description

Parameters

$session_id

protected bool canWrite()

Determine if the session could be verifiably written to cookie storage

Return Value

bool

write($session_id, $session_data)

No description

Parameters

$session_id
$session_data

destroy($session_id)

No description

Parameters

$session_id

gc($maxlifetime)

No description

Parameters

$maxlifetime