psr7-sessions/storageless

Provide also traditional sessions?

Closed this issue · 15 comments

Since we renamed the repo from StorageLessSession to PSR7Session, we may as well introduce support for a "standard" session middleware (with session IDs and server-side session storage):

  • UUID based (no low crypto ID generation)
  • file-only support first (like ext/session)
  • same concepts as ext/session (validity of entries, etc)
  • clear adapter specification (stuff like GC should be a detail)
  • API to force session ID regeneration
  • same session container stuff that we currently have

Possible storage adapter interface (requires further inspecting):

interface SessionStorage
{
    public function save(SessionInterface $session);
    public function load(SessionIdInterface $id) : SessionInterface;
    public function destroy(SessionIdInterface $id);
}

I would still apply the rules around the contents (do not allow object serialization).

👍
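A file-backed adapter along the lines of the opening post, as an added example that is not code from this project. It assumes PHP 8.0+, and because `SessionInterface` and `SessionIdInterface` are not defined on this page it uses plain string IDs and array data; the class name, file naming, the 1200-second validity window and the `regenerate()` method are hypothetical. Entries past their validity window are treated as absent on load, and removing stale files is left to a separate GC step.

```php
<?php // Added example: hypothetical file adapter, not project code. Requires PHP 8.0+.
final class FileSessionStorage
{
    public function __construct(private string $dir, private int $ttl = 1200) {}

    public static function newId(): string
    {
        $b = random_bytes(16); // CSPRNG output, formatted as a UUID v4
        $b[6] = chr((ord($b[6]) & 0x0f) | 0x40); // version 4
        $b[8] = chr((ord($b[8]) & 0x3f) | 0x80); // RFC 4122 variant
        return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($b), 4));
    }

    private function path(string $id): string
    {
        if (!preg_match('/\A[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\z/', $id)) {
            throw new InvalidArgumentException('Malformed session ID'); // cookie-supplied ID must not alter the path
        }
        return $this->dir . '/sess_' . $id . '.json';
    }

    public function save(string $id, array $data): void
    {
        // JSON, not serialize(): load() can only ever yield scalars and arrays.
        $json = json_encode(['expires' => time() + $this->ttl, 'data' => $data], JSON_THROW_ON_ERROR);
        file_put_contents($this->path($id), $json, LOCK_EX);
    }

    public function load(string $id): array
    {
        $file = $this->path($id);
        $entry = is_file($file) ? json_decode((string) file_get_contents($file), true, 64, JSON_THROW_ON_ERROR) : null;
        return ($entry !== null && $entry['expires'] >= time()) ? $entry['data'] : [];
    }

    public function destroy(string $id): void
    {
        if (is_file($file = $this->path($id))) {
            unlink($file);
        }
    }

    // Forced regeneration: move the data to a fresh ID and invalidate the old one.
    public function regenerate(string $oldId): string
    {
        $this->save($newId = self::newId(), $this->load($oldId));
        $this->destroy($oldId);
        return $newId;
    }
}
```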

Sounds great. Would I be able to use this (easily) in an MVC context? I think we would need some class that knows about the storage and pulls the session data from there or creates a new session if no session cookie is set.

Some class that knows about the storage and pulls the session data from there or creates a new session if no session cookie is set.

Probably not - the problem with this kind of approach is that the session system would need to be aware of the "current" request.

Something like you proposed in #zendframework/zend-session#11 could work:

$sessionContainer = $sessionManager->fromRequest($request);

The only problem with my proposal is how to get the newly created session ID into the response. That would have to be done manually after obtaining the new session container, wouldn't it?

@MidnightDesign I suggest looking at the current middleware for an idea of how this is achieved: the middleware wraps the entire app execution context and can decide when a session needs to be written to disk.

Yeah, I get how this works. And I love Middleware. But I'm thinking about other contexts right now - in my case ZF2. That wouldn't be possible there, would it? Well, maybe with events...

When do you think you will be able to start working on that stuff? I could try implementing a ZF2 module based on your work. Can I help you with anything on this project?

@MidnightDesign if you could try implementing the storage-based sessions, that would be rad.

It shouldn't be too complex

EDIT: I mean implementing what is (kinda) specced out in this issue, but ZF-agnostic (this is relevant also for getting it into ZF later on)

I've never contributed any larger chunks of code to an open source project before (just little bugfixes and stuff), but I'd be happy to give it a shot.

@MidnightDesign this issue is marked for 2.0.0 - you are free to do whatever you want on it :-)

Suggestion: open a PR early, so that it can be discussed carefully.

I'll just open the PR with only the interfaces you mentioned, and we'll see where it goes from there. Should I open it against master or are you going to create a 2.0 branch?

@MidnightDesign master, thanks! :-)

Just a thought:
in other languages "session" doesn't even exist,
and being a no-state application is a great goal for a new app (and this lib is made for PHP7 apps)...
Session with no storage is a great way to push the good practice of not using the session at all,
and using the PSR interface only for auth.

I'm not saying you shouldn't; these are just a few thoughts.

Closing as per #30 (comment)