A PHP session implementation that is single-process safe, compatible with PSR-7 and PSR-15, and does not rely on global variables ($_SESSION, $_COOKIE, etc).
This implementation is patterned after the built-in PHP session library, but is not a drop-in replacement for it. This library differs from the PHP session library in the following ways:
- Requires PHP 8+
- Fully object-oriented
- Strict mode is always on and cannot be disabled
- Auto-start and auto-shutdown are not supported
- Reading/writing cookie and cache headers is handled in middleware (included)
- Handlers implement the built-in PHP SessionHandlerInterface, but the PHP SessionHandler class will not work because it depends internally on the PHP session extension
- Session data is accessed using a Session object, not via $_SESSION
This library is ideal for single-process event loop-driven applications, using servers like Swoole or ReactPHP.
- Array or Object Access
- Collision-Proof Secure ID Generation
- Data Persistance
- ID Regeneration
- Lockless Concurrency
- Garbage Collection
composer require compwright/php-session
See tests/integration/server/App
To run with PHP Development Server:
$ composer run-script start-php
To run with Swoole:
$ composer run-script start-swoole
$sessionFactory = new Compwright\PhpSession\Factory();
$manager = $sessionFactory->psr16Session(
/**
* @param Psr\SimpleCache\CacheInterface
*/
$cache,
/**
* @param array|Compwright\PhpSession\Config
*/
[
'name' => 'my_app',
'sid_length' => 48,
'sid_bits_per_character' => 5,
]
);
// Start the session
$manager->id($sid); // Read $sid from request
$started = $manager->start();
if ($started === false) {
throw new RuntimeException("The session failed to start");
}
// Read/write the current session
$session = $manager->getCurrentSession();
$session["foo"] = "bar";
unset($session["bar"]);
// Save and close the session
$ended = $manager->write_close();
if ($ended === false) {
throw new RuntimeException("The session failed to close properly, data may have been lost");
}