class Session (View source)

Handles all manipulation of the session.

An instance of a Session object can be retrieved via an HTTPRequest by calling the getSession() method.

In order to support things like testing, the session is associated with a particular Controller. In normal usage, this is loaded from and saved to the regular PHP session, but for things like static-page-generation and unit-testing, you can create multiple Controllers, each with their own session.

Saving Data

Once you've retrieved a session instance, you can write a value to a users session using the function Session::set().

 $request->getSession()->set('MyValue', 6);

Saves the value of "6" to the MyValue session data. You can also save arrays or serialized objects in session (but note there may be size restrictions as to how much you can save)


 $session = $request->getSession();

 // save a variable
 $var = 1;
 $session->set('MyVar', $var);

 // saves an array
 $session->set('MyArrayOfValues', array('1', '2', '3'));

 // saves an object (you'll have to unserialize it back)
 $object = new Object();

 $session->set('MyObject', serialize($object));

Accessing Data

Once you have saved a value to the Session you can access it by using the Session::get() function. Note that session data isn't persisted in PHP's own session store (via $_SESSION) until Session::save() is called, which happens automatically at the end of a standard request through SilverStripe\Control\Middleware\SessionMiddleware.

The values in the comments are the values stored from the previous example.

public function bar() {
 $session = $this->getRequest()->getSession();
 $value = $session->get('MyValue'); // $value = 6
 $var   = $session->get('MyVar'); // $var = 1
 $array = $session->get('MyArrayOfValues'); // $array = array(1,2,3)
 $object = $session->get('MyObject', unserialize($object)); // $object = Object()
}

You can also get all the values in the session at once. This is useful for debugging.

$session->getAll(); // returns an array of all the session values.

Clearing Data

Once you have accessed a value from the Session it doesn't automatically wipe the value from the Session, you have to specifically remove it. To clear a value you can either delete 1 session value by the name that you saved it

$session->clear('MyValue'); // MyValue is no longer 6.

Or you can clear every single value in the session at once. Note SilverStripe stores some of its own session data including form and page comment information. None of this is vital but clearAll() will clear everything.

 $session->clearAll();

Traits

Provides extensions to this object to integrate it with standard config API methods.

Config options

timeout int

Set session timeout in seconds.

session_ips array
session_store_path string
sessionCacheLimiter string|null

Name of session cache limiter to use.

strict_user_agent_check bool

Invalidate the session if user agent header changes between request. Defaults to true. Disabling this checks is not recommended.

Properties

protected array|null $data

Session data.

protected bool $started
protected array $changedData

List of keys changed. This is a nested array which represents the keys modified in $this->data. The value of each item is either "true" or a nested array.

Methods

public static 
config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

public
mixed
uninherited(string $name)

Gets the uninherited value for the given config option

protected
string
userAgent(HTTPRequest $request)

Get user agent for this request

public
__construct(array|null|Session $data)

Start PHP session, then create a new Session object with the given start data.

public
init(HTTPRequest $request)

Init this session instance before usage, if a session identifier is part of the passed in request.

public
restart(HTTPRequest $request)

Destroy existing session and restart

public
bool
isStarted()

Determine if this session has started

public
bool
requestContainsSessionId(HTTPRequest $request)

No description

public
start(HTTPRequest $request)

Begin session, regardless if a session identifier is present in the request, or whether any session data needs to be written.

public
destroy(bool $removeCookie = true, HTTPRequest $request = null)

Destroy this session

public
$this
set(string $name, mixed $val)

Set session value

public
addToArray(string $name, mixed $val)

Merge value with array

public
mixed
get(string $name)

Get session value

public
$this
clear(string $name)

Clear session value

public
clearAll()

Clear all values

public
array|null
getAll()

Get all values

public
finalize(HTTPRequest $request)

Set user agent key

public
save(HTTPRequest $request)

Save data to session Only save the changes, so that anyone manipulating $_SESSION directly doesn't get burned.

protected
recursivelyApply(array $data, array $dest)

Recursively apply the changes represented in $data to $dest.

public
array
changedData()

Returns the list of changed keys

Details

static Config_ForClass config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

Return Value

Config_ForClass

mixed uninherited(string $name)

Gets the uninherited value for the given config option

Parameters

string $name

Return Value

mixed

protected string userAgent(HTTPRequest $request)

Get user agent for this request

Parameters

HTTPRequest $request

Return Value

string

__construct(array|null|Session $data)

Start PHP session, then create a new Session object with the given start data.

Parameters

array|null|Session $data

Can be an array of data (such as $_SESSION) or another Session object to clone. If null, this session is treated as unstarted.

init(HTTPRequest $request)

Init this session instance before usage, if a session identifier is part of the passed in request.

Otherwise, a session might be started in save() if session data needs to be written with a new session identifier.

Parameters

HTTPRequest $request

restart(HTTPRequest $request)

Destroy existing session and restart

Parameters

HTTPRequest $request

bool isStarted()

Determine if this session has started

Return Value

bool

bool requestContainsSessionId(HTTPRequest $request)

No description

Parameters

HTTPRequest $request

Return Value

bool

start(HTTPRequest $request)

Begin session, regardless if a session identifier is present in the request, or whether any session data needs to be written.

See init() if you want to "lazy start" a session.

Parameters

HTTPRequest $request

The request for which to start a session

destroy(bool $removeCookie = true, HTTPRequest $request = null)

Destroy this session

Parameters

bool $removeCookie
HTTPRequest $request

The request for which to destroy a session

$this set(string $name, mixed $val)

Set session value

Parameters

string $name
mixed $val

Return Value

$this

addToArray(string $name, mixed $val)

Merge value with array

Parameters

string $name
mixed $val

mixed get(string $name)

Get session value

Parameters

string $name

Return Value

mixed

$this clear(string $name)

Clear session value

Parameters

string $name

Return Value

$this

clearAll()

Clear all values

array|null getAll()

Get all values

Return Value

array|null

finalize(HTTPRequest $request)

Set user agent key

Parameters

HTTPRequest $request

save(HTTPRequest $request)

Save data to session Only save the changes, so that anyone manipulating $_SESSION directly doesn't get burned.

Parameters

HTTPRequest $request

protected recursivelyApply(array $data, array $dest)

Recursively apply the changes represented in $data to $dest.

Used to update $_SESSION

Parameters

array $data
array $dest

array changedData()

Returns the list of changed keys

Return Value

array