class CookieStore extends BaseStore

A session store which stores the session data in an encrypted & signed cookie.

This way the server doesn't need to open a database connection or have a shared filesystem to read the session from - the client sends the session back with every request.

This approach does have some limitations - cookies can only be quite small (4K total, but we limit to 1K) and can only be set before the server starts sending a response.

So we clear the cookie on Session startup (which should always happen before the headers get sent), but simply fail on Session write if we can't use cookies, on the assumption that something is watching for that failure and providing a fallback.
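An added sketch of the encrypted and signed cookie pattern and the write-time checks described above, not the module's own code. The function names, the AES-256-CBC plus HMAC-SHA256 construction, the sub-key derivation, the cookie attributes and the sample values are all assumptions made for illustration.

```php
<?php
// Added illustration, not the module's code; every name here is hypothetical.
const MAX_LENGTH = 1024; // assumption: mirrors the 1K limit described above

// Encrypt "expiry:data", then sign IV + ciphertext (encrypt-then-MAC).
function sealSession(string $data, string $key, int $expiry): string
{
    $encKey = hash_hmac('sha256', 'enc', $key, true); // separate sub-keys from one secret
    $macKey = hash_hmac('sha256', 'mac', $key, true);
    $iv = random_bytes(16);
    $body = $iv . openssl_encrypt($expiry . ':' . $data, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    return base64_encode(hash_hmac('sha256', $body, $macKey, true) . $body);
}

// Returns the session data, or null when malformed, tampered with or expired.
function openSession(string $cookie, string $key, int $now): ?string
{
    $encKey = hash_hmac('sha256', 'enc', $key, true);
    $macKey = hash_hmac('sha256', 'mac', $key, true);
    $raw = (string) base64_decode($cookie, true); // '' when not valid base64
    $mac = substr($raw, 0, 32);
    $body = substr($raw, 32);                     // IV + ciphertext
    if (strlen($body) < 32 || !hash_equals(hash_hmac('sha256', $body, $macKey, true), $mac)) {
        return null; // reject before decrypting anything
    }
    $plain = openssl_decrypt(substr($body, 16), 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, substr($body, 0, 16));
    if ($plain === false) {
        return null;
    }
    [$expiry, $data] = explode(':', $plain, 2);
    return (int) $expiry >= $now ? $data : null;
}

// Fails instead of truncating, so a fallback store can take over.
function writeSessionCookie(string $name, string $data, string $key, int $lifetime): bool
{
    $value = sealSession($data, $key, time() + $lifetime);
    if (headers_sent() || strlen($value) > MAX_LENGTH) {
        return false;
    }
    $opts = ['expires' => time() + $lifetime, 'path' => '/', 'secure' => true, 'httponly' => true];
    return setcookie($name, $value, $opts);
}

// Constructed demo: a round trip succeeds, a one-character change is rejected.
$sealed = sealSession('user|i:42;', 'constructed-demo-secret', time() + 600);
var_dump(openSession($sealed, 'constructed-demo-secret', time()));
$sealed[20] = $sealed[20] === 'A' ? 'B' : 'A';
var_dump(openSession($sealed, 'constructed-demo-secret', time()));
```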

Traits

Provides extensions to this object to integrate it with standard config API methods.

Config options

max_length int

Maximum length of a cookie value in characters

Properties

protected string|null $key

Session secret key

from BaseStore
protected CryptoHandler|null $crypto

Encryption service

string $cookie

Name of cookie

protected string|null $currentCookieData

Known unmodified value of this cookie. If the cookie backend has been read into the application, then the backend is unable to verify the modification state of this value internally within the system, so this will be left null unless written back.

Methods

public static 
config()

Get a configuration accessor for this class. Shorthand for Config::inst()->get($this->class, .....).

public
mixed
uninherited(string $name)

Gets the uninherited value for the given config option

public
void
setKey(string|null $key)

Assign a new session secret key

protected
string|null
getKey()

Get the session secret key

protected
int
getLifetime()

Get lifetime in number of seconds

protected
int
getNow()

Gets the current unix timestamp

public
bool
open(string $save_path, string $name)

No description

public
bool
close()

No description

protected
CryptoHandler|null
getCrypto(string $session_id)

Get the cryptography store for the specified session

public
string|false
read(string $session_id)

No description

protected
bool
canWrite()

Determine if the session could be verifiably written to cookie storage

public
bool
write(string $session_id, string $session_data)

No description

public
bool
destroy(string $session_id)

No description

public
int|false
gc(int $maxlifetime)

No description

Details

static Config_ForClass config()

Get a configuration accessor for this class. Shorthand for Config::inst()->get($this->class, .....).

Return Value

Config_ForClass

mixed uninherited(string $name)

Gets the uninherited value for the given config option

Parameters

string $name

Return Value

mixed

void setKey(string|null $key)

Assign a new session secret key

Parameters

string|null $key

Return Value

void

protected string|null getKey()

Get the session secret key

Return Value

string|null

protected int getLifetime()

Get lifetime in number of seconds

Return Value

int

protected int getNow()

Gets the current unix timestamp

Return Value

int

bool open(string $save_path, string $name)

No description

Parameters

string $save_path
string $name

Return Value

bool

bool close()

No description

Return Value

bool

protected CryptoHandler|null getCrypto(string $session_id)

Get the cryptography store for the specified session

Parameters

string $session_id

Return Value

CryptoHandler|null

string|false read(string $session_id)

No description

Parameters

string $session_id

Return Value

string|false

protected bool canWrite()

Determine if the session could be verifiably written to cookie storage

Return Value

bool

bool write(string $session_id, string $session_data)

No description

Parameters

string $session_id
string $session_data

Return Value

bool

bool destroy(string $session_id)

No description

Parameters

string $session_id

Return Value

bool

int|false gc(int $maxlifetime)

No description

Parameters

int $maxlifetime

Return Value

int|false