HybridSessionStore_Cookie
class HybridSessionStore_Cookie extends HybridSessionStore_Base (View source)
Class HybridSessionStore_Cookie
A session store which stores the session data in an encrypted & signed cookie.
This way the server doesn't need to open a database connection or have a shared filesystem for reading the session from - the client passes through the session with every request.
This approach does have some limitations - cookies can only be quite small (4K total, but we limit to 1K) and can only be set before the server starts sending a response.
So we clear the cookie on Session startup (which should always be before the headers get sent), but just fail on Session write if we can't use cookies, assuming there's something watching for that & providing a fallback
Properties
protected | string | $key | Session secret key |
from HybridSessionStore_Base |
protected | HybridSessionStore_Crypto | $crypto | Encryption service |
|
protected | string | $cookie | Name of cookie |
|
protected | string | $currentCookieData | Known unmodified value of this cookie. If the cookie backend has been read into the application, then the backend is unable to verify the modification state of this value internally within the system, so this will be left null unless written back. |
Methods
Get the cryptography store for the specified session
Details
setKey(string $key)
Assign a new session secret key
protected string
getKey()
Get the session secret key
protected int
getLifetime()
Get lifetime in number of seconds
protected int
getNow()
Gets the current unix timestamp
open($save_path, $name)
No description
close()
No description
protected HybridSessionStore_Crypto
getCrypto(string $session_id)
Get the cryptography store for the specified session
read($session_id)
No description
protected bool
canWrite()
Determine if the session could be verifably written to cookie storage
write($session_id, $session_data)
No description
destroy($session_id)
No description
gc($maxlifetime)
No description