class Session (View source)

Handles all manipulation of the session.

An instance of a Session object can be retrieved via an HTTPRequest by calling the getSession() method.

In order to support things like testing, the session is associated with a particular Controller. In normal usage, this is loaded from and saved to the regular PHP session, but for things like static-page-generation and unit-testing, you can create multiple Controllers, each with their own session.

Saving Data

Once you've retrieved a session instance, you can write a value to a users session using the function {@link Session::set()}.

$request->getSession()->set('MyValue', 6);

Saves the value of "6" to the MyValue session data. You can also save arrays or serialized objects in session (but note there may be size restrictions as to how much you can save)

$session = $request->getSession();

// save a variable $var = 1; $session->set('MyVar', $var);

// saves an array $session->set('MyArrayOfValues', array('1', '2', '3'));

// saves an object (you'll have to unserialize it back) $object = new Object();

$session->set('MyObject', serialize($object));

Accessing Data

Once you have saved a value to the Session you can access it by using the {@link Session::get()} function. Note that session data isn't persisted in PHP's own session store (via $_SESSION) until {@link Session::save()} is called, which happens automatically at the end of a standard request through {@link SilverStripe\Control\Middleware\SessionMiddleware}.

The values in the comments are the values stored from the previous example.

public function bar() { $session = $this->getRequest()->getSession(); $value = $session->get('MyValue'); // $value = 6 $var = $session->get('MyVar'); // $var = 1 $array = $session->get('MyArrayOfValues'); // $array = array(1,2,3) $object = $session->get('MyObject', unserialize($object)); // $object = Object() }

You can also get all the values in the session at once. This is useful for debugging.

$session->getAll(); // returns an array of all the session values.

Clearing Data

Once you have accessed a value from the Session it doesn't automatically wipe the value from the Session, you have to specifically remove it. To clear a value you can either delete 1 session value by the name that you saved it

$session->clear('MyValue'); // MyValue is no longer 6.

Or you can clear every single value in the session at once. Note SilverStripe stores some of its own session data including form and page comment information. None of this is vital but clearAll() will clear everything.

$session->clearAll();

Traits

Provides extensions to this object to integrate it with standard config API methods.

Properties

static private int $timeout

Set session timeout in seconds.

static private array $session_ips
$cookie_domain
$cookie_path
static private string $session_store_path
$cookie_secure
$cookie_name_secure
static private bool $strict_user_agent_check

Invalidate the session if user agent header changes between request. Defaults to true. Disabling this checks is not recommended.

Methods

static Config_ForClass
config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

mixed
stat(string $name) deprecated

Get inherited config value

mixed
uninherited(string $name)

Gets the uninherited value for the given config option

$this
set_stat(string $name, mixed $value) deprecated

Update the config value for a given property

__construct(array|null|Session $data)

Start PHP session, then create a new Session object with the given start data.

init(HTTPRequest $request)

Init this session instance before usage, if a session identifier is part of the passed in request.

restart(HTTPRequest $request)

Destroy existing session and restart

bool
isStarted()

Determine if this session has started

bool
requestContainsSessionId(HTTPRequest $request)

No description

start(HTTPRequest $request)

Begin session, regardless if a session identifier is present in the request, or whether any session data needs to be written.

destroy(bool $removeCookie = true)

Destroy this session

$this
set(string $name, mixed $val)

Set session value

addToArray(string $name, mixed $val)

Merge value with array

mixed
get(string $name)

Get session value

$this
clear(string $name)

Clear session value

clearAll()

Clear all values

array|null
getAll()

Get all values

finalize(HTTPRequest $request)

Set user agent key

save(HTTPRequest $request)

Save data to session Only save the changes, so that anyone manipulating $_SESSION directly doesn't get burned.

array
changedData()

Returns the list of changed keys

Details

static Config_ForClass config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

Return Value

Config_ForClass

mixed stat(string $name) deprecated

deprecated 5.0 Use ->config()->get() instead

Get inherited config value

Parameters

string $name

Return Value

mixed

mixed uninherited(string $name)

Gets the uninherited value for the given config option

Parameters

string $name

Return Value

mixed

$this set_stat(string $name, mixed $value) deprecated

deprecated 5.0 Use ->config()->set() instead

Update the config value for a given property

Parameters

string $name
mixed $value

Return Value

$this

__construct(array|null|Session $data)

Start PHP session, then create a new Session object with the given start data.

Parameters

array|null|Session $data

Can be an array of data (such as $_SESSION) or another Session object to clone. If null, this session is treated as unstarted.

init(HTTPRequest $request)

Init this session instance before usage, if a session identifier is part of the passed in request.

Otherwise, a session might be started in {@link save()} if session data needs to be written with a new session identifier.

Parameters

HTTPRequest $request

restart(HTTPRequest $request)

Destroy existing session and restart

Parameters

HTTPRequest $request

bool isStarted()

Determine if this session has started

Return Value

bool

bool requestContainsSessionId(HTTPRequest $request)

Parameters

HTTPRequest $request

Return Value

bool

start(HTTPRequest $request)

Begin session, regardless if a session identifier is present in the request, or whether any session data needs to be written.

See {@link init()} if you want to "lazy start" a session.

Parameters

HTTPRequest $request

The request for which to start a session

destroy(bool $removeCookie = true)

Destroy this session

Parameters

bool $removeCookie

$this set(string $name, mixed $val)

Set session value

Parameters

string $name
mixed $val

Return Value

$this

addToArray(string $name, mixed $val)

Merge value with array

Parameters

string $name
mixed $val

mixed get(string $name)

Get session value

Parameters

string $name

Return Value

mixed

$this clear(string $name)

Clear session value

Parameters

string $name

Return Value

$this

clearAll()

Clear all values

array|null getAll()

Get all values

Return Value

array|null

finalize(HTTPRequest $request)

Set user agent key

Parameters

HTTPRequest $request

save(HTTPRequest $request)

Save data to session Only save the changes, so that anyone manipulating $_SESSION directly doesn't get burned.

Parameters

HTTPRequest $request

array changedData()

Returns the list of changed keys

Return Value

array