class Session

Handles all manipulation of the session.

An instance of a Session object can be retrieved via an HTTPRequest by calling the getSession() method.

In order to support things like testing, the session is associated with a particular Controller. In normal usage, this is loaded from and saved to the regular PHP session, but for things like static-page-generation and unit-testing, you can create multiple Controllers, each with their own session.

Saving Data

Once you've retrieved a session instance, you can write a value to a users session using the function {@link Session::set()}.

$request->getSession()->set('MyValue', 6);

Saves the value of "6" to the MyValue session data. You can also save arrays or serialized objects in session (but note there may be size restrictions as to how much you can save)

$session = $request->getSession();

// save a variable $var = 1; $session->set('MyVar', $var);

// saves an array $session->set('MyArrayOfValues', array('1', '2', '3'));

// saves an object (you'll have to unserialize it back) $object = new Object();

$session->set('MyObject', serialize($object));

Accessing Data

Once you have saved a value to the Session you can access it by using the {@link Session::get()} function. Note that session data isn't persisted in PHP's own session store (via $_SESSION) until {@link Session::save()} is called, which happens automatically at the end of a standard request through {@link SilverStripe\Control\Middleware\SessionMiddleware}.

The values in the comments are the values stored from the previous example.

public function bar() { $session = $this->getRequest()->getSession(); $value = $session->get('MyValue'); // $value = 6 $var = $session->get('MyVar'); // $var = 1 $array = $session->get('MyArrayOfValues'); // $array = array(1,2,3) $object = $session->get('MyObject', unserialize($object)); // $object = Object() }

You can also get all the values in the session at once. This is useful for debugging.

$session->getAll(); // returns an array of all the session values.

Clearing Data

Once you have accessed a value from the Session it doesn't automatically wipe the value from the Session, you have to specifically remove it. To clear a value you can either delete 1 session value by the name that you saved it

$session->clear('MyValue'); // MyValue is no longer 6.

Or you can clear every single value in the session at once. Note SilverStripe stores some of its own session data including form and page comment information. None of this is vital but clearAll() will clear everything.

$session->clearAll();

Traits

Provides extensions to this object to integrate it with standard config API methods.

Config options

timeout int Set session timeout in seconds.
session_ips array
cookie_domain string
cookie_path string
session_store_path string
cookie_secure boolean
cookie_name_secure string
strict_user_agent_check bool Invalidate the session if user agent header changes between request. Defaults to true. Disabling this checks is not recommended.

Methods

static Config_ForClass
config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .

mixed
stat(string $name) deprecated

Get inherited config value

mixed
uninherited(string $name)

Gets the uninherited value for the given config option

$this
set_stat(string $name, mixed $value) deprecated

Update the config value for a given property

__construct(array|null|Session $data)

Start PHP session, then create a new Session object with the given start data.

init(HTTPRequest $request)

Init this session instance before usage, if a session identifier is part of the passed in request.

restart(HTTPRequest $request)

Destroy existing session and restart

bool
isStarted()

Determine if this session has started

bool
requestContainsSessionId(HTTPRequest $request)

No description

start(HTTPRequest $request)

Begin session, regardless if a session identifier is present in the request, or whether any session data needs to be written.

destroy(bool $removeCookie = true)

Destroy this session

$this
set(string $name, mixed $val)

Set session value

addToArray(string $name, mixed $val)

Merge value with array

mixed
get(string $name)

Get session value

$this
clear(string $name)

Clear session value

clearAll()

Clear all values

array|null
getAll()

Get all values

finalize(HTTPRequest $request)

Set user agent key

save(HTTPRequest $request)

Save data to session Only save the changes, so that anyone manipulating $_SESSION directly doesn't get burned.

array
changedData()

Returns the list of changed keys

Details

in Configurable at line 20
static Config_ForClass config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .

....).

Return Value

Config_ForClass

in Configurable at line 32
mixed stat(string $name) deprecated

deprecated 5.0 Use ->config()->get() instead

Get inherited config value

Parameters

string $name

Return Value

mixed

in Configurable at line 44
mixed uninherited(string $name)

Gets the uninherited value for the given config option

Parameters

string $name

Return Value

mixed

in Configurable at line 57
$this set_stat(string $name, mixed $value) deprecated

deprecated 5.0 Use ->config()->set() instead

Update the config value for a given property

Parameters

string $name
mixed $value

Return Value

$this

at line 208
__construct(array|null|Session $data)

Start PHP session, then create a new Session object with the given start data.

Parameters

array|null|Session $data Can be an array of data (such as $_SESSION) or another Session object to clone. If null, this session is treated as unstarted.

at line 226
init(HTTPRequest $request)

Init this session instance before usage, if a session identifier is part of the passed in request.

Otherwise, a session might be started in {@link save()} if session data needs to be written with a new session identifier.

Parameters

HTTPRequest $request

at line 249
restart(HTTPRequest $request)

Destroy existing session and restart

Parameters

HTTPRequest $request

at line 260
bool isStarted()

Determine if this session has started

Return Value

bool

at line 269
bool requestContainsSessionId(HTTPRequest $request)

Parameters

HTTPRequest $request

Return Value

bool

at line 283
start(HTTPRequest $request)

Begin session, regardless if a session identifier is present in the request, or whether any session data needs to be written.

See {@link init()} if you want to "lazy start" a session.

Parameters

HTTPRequest $request The request for which to start a session

at line 365
destroy(bool $removeCookie = true)

Destroy this session

Parameters

bool $removeCookie

at line 389
$this set(string $name, mixed $val)

Set session value

Parameters

string $name
mixed $val

Return Value

$this

at line 431
addToArray(string $name, mixed $val)

Merge value with array

Parameters

string $name
mixed $val

at line 454
mixed get(string $name)

Get session value

Parameters

string $name

Return Value

mixed

at line 465
$this clear(string $name)

Clear session value

Parameters

string $name

Return Value

$this

at line 489
clearAll()

Clear all values

at line 503
array|null getAll()

Get all values

Return Value

array|null

at line 513
finalize(HTTPRequest $request)

Set user agent key

Parameters

HTTPRequest $request

at line 524
save(HTTPRequest $request)

Save data to session Only save the changes, so that anyone manipulating $_SESSION directly doesn't get burned.

Parameters

HTTPRequest $request

at line 566
array changedData()

Returns the list of changed keys

Return Value

array