AbstractSessionHandler
abstract class AbstractSessionHandler implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface (View source)
Methods
Check the PHP session ID i.e. PHPSESSID is valid against the default PHP session ID format.
Details
protected int
getLifetime()
Get the session lifetime in seconds.
Returns the cookie lifetime if it's non-zero, otherwise returns the garbage collection lifetime.
protected void
checkSessionID(string $id)
Check the PHP session ID i.e. PHPSESSID is valid against the default PHP session ID format.
This is a security measure to prevent people from injecting invalid session IDs in the request.
This only needs to be called on read() We do not need to call this on write(), destroy(), updateTimestamp(), or validateId() as those methods are only called for session IDs that have already been accepted by PHP.