Class \Prado\Web\THttpSession

THttpSession class

THttpSession provides session-level data management and the related configurations. To start the session, call open; to complete and send out session data, call close; to destroy the session, call destroy. If AutoStart is true, then the session will be started once the session module is loaded and initialized.

To access data stored in session, use THttpSession like an associative array. For example,

  $session=new THttpSession;
  $session->open();
  $value1=$session['name1'];  // get session variable 'name1'
  $value2=$session['name2'];  // get session variable 'name2'
  foreach($session as $name=>$value) // traverse all session variables
  $session['name3']=$value3;  // set session variable 'name3'

The following configurations are available for session: \Prado\Web\setAutoStart, \Prado\Web\setCookieMode, \Prado\Web\setSavePath, \Prado\Web\setUseCustomStorage, \Prado\Web\setGCProbability, \Prado\Web\setTimeout. See the corresponding setter and getter documentation for more information. Note, these properties must be set before the session is started.

THttpSession can be inherited with customized session storage method. Override _open, _close, _read, _write, _destroy and _gc and set \Prado\Web\setUseCustomStorage to true. Then, the session data will be stored using the above methods.

By default, THttpSession is registered with TApplication as the request module. It can be accessed via TApplication::getSession().

THttpSession may be configured in application configuration file as follows,

<module id="session" class="THttpSession" SessionName="SSID" SavePath="/tmp"
        CookieMode="Allow" UseCustomStorage="false" AutoStart="true" GCProbability="1"
        UseTransparentSessionID="true" TimeOut="3600" />

where \Prado\Web\getSessionName, \Prado\Web\getSavePath, \Prado\Web\getCookieMode, \Prado\Web\getUseCustomStorage, \Prado\Web\getAutoStart, \Prado\Web\getGCProbability, \Prado\Web\getUseTransparentSessionID and \Prado\Web\getTimeout are configurable properties of THttpSession.

To avoid the possibility of identity theft through some variants of XSS attacks, THttpSessionshould always be configured to enforce HttpOnly setting on session cookie. The HttpOnly setting is disabled by default. To enable it, configure the THttpSession module as follows,

<module id="session" class="THttpSession" Cookie.HttpOnly="true" >

Class hierarchy

\Prado\Web\THttpSession implements IteratorAggregate, ArrayAccess, Countable, IModule

\Prado\TApplicationComponent

\Prado\TComponent

Author: Qiang Xue <qiang.xue@gmail.com>
Since: 3.0

Methods summary
`public`	`_close() : bool` Session close handler. This method should be overridden if \Prado\Web\setUseCustomStorage is set true.
`public`	`_destroy(string $id) : bool` Session destroy handler. This method should be overridden if \Prado\Web\setUseCustomStorage is set true.
`public`	`_gc(int $maxLifetime) : bool` Session GC (garbage collection) handler. This method should be overridden if \Prado\Web\setUseCustomStorage is set true.
`public`	`_open(string $savePath, string $sessionName) : bool` Session open handler. This method should be overridden if \Prado\Web\setUseCustomStorage is set true.
`public`	`_read(string $id) : string` Session read handler. This method should be overridden if \Prado\Web\setUseCustomStorage is set true.
`public`	`_write(string $id, string $data) : bool` Session write handler. This method should be overridden if \Prado\Web\setUseCustomStorage is set true.
`public`	`add(mixed $key, mixed $value) : mixed` Adds a session variable. Note, if the specified name already exists, the old value will be removed first.
`public`	`clear() : mixed` Removes all session variables
`public`	`close() : mixed` Ends the current session and store session data.
`public`	`contains(mixed $key) : bool`
`public`	`count() : int` Returns the number of items in the session. This method is required by \Countable interface.
`public`	`destroy() : mixed` Destroys all data registered to a session.
`public`	`getAutoStart() : bool`
`public`	`getCookie() : THttpCookie`
`public`	`getCookieMode() : THttpSessionCookieMode`
`public`	`getCount() : int`
`public`	`getGCProbability() : int`
`public`	`getID() : string`
`public`	`getIsStarted() : bool`
`public`	`getIterator() : TSessionIterator` Returns an iterator for traversing the session variables. This method is required by the interface \IteratorAggregate.
`public`	`getKeys() : array<string\|int, mixed>`
`public`	`getSavePath() : string`
`public`	`getSessionID() : string`
`public`	`getSessionName() : string`
`public`	`getTimeout() : int`
`public`	`getUseCustomStorage() : bool`
`public`	`getUseTransparentSessionID() : bool`
`public`	`init(TXmlElement $config) : mixed` Initializes the module. This method is required by IModule. If AutoStart is true, the session will be started.
`public`	`itemAt(mixed $key) : mixed` Returns the session variable value with the session variable name. This method is exactly the same as offsetGet.
`public`	`offsetExists(mixed $offset) : bool` This method is required by the interface \ArrayAccess.
`public`	`offsetGet(int $offset) : mixed` This method is required by the interface \ArrayAccess.
`public`	`offsetSet(int $offset, mixed $item) : void` This method is required by the interface \ArrayAccess.
`public`	`offsetUnset(mixed $offset) : void` This method is required by the interface \ArrayAccess.
`public`	`open() : mixed` Starts the session if it has not started yet.
`public`	`regenerate([bool $deleteOld = false ]) : string` Update the current session id with a newly generated one
`public`	`remove(mixed $key) : mixed` Removes a session variable.
`public`	`setAutoStart(bool $value) : mixed`
`public`	`setCookieMode(THttpSessionCookieMode $value) : mixed`
`public`	`setGCProbability(int $value) : mixed`
`public`	`setID(string $value) : mixed`
`public`	`setSavePath(string $value) : mixed`
`public`	`setSessionID(string $value) : mixed`
`public`	`setSessionName(string $value) : mixed`
`public`	`setTimeout(int $value) : mixed`
`public`	`setUseCustomStorage(bool $value) : mixed`
`public`	`setUseTransparentSessionID(bool $value) : mixed` Ensure that {@see setCookieMode CookieMode} is not set to "None" before enabling the use of transparent session ids. Refer to the main documentation of the class THttpSession class for a configuration example.
`public`	`toArray() : array<string\|int, mixed>`

Inherited methods
__call, __callStatic, __clone, __construct, __destruct, __get, __isset, __set, __sleep, __unset, __wakeup, addParsedObject, asa, attachBehavior, attachBehaviors, attachClassBehavior, attachEventHandler, callBehaviorsMethod, canGetProperty, canSetProperty, clearBehaviors, createdOnTemplate, detachBehavior, detachBehaviors, detachClassBehavior, detachEventHandler, disableBehavior, disableBehaviors, enableBehavior, enableBehaviors, evaluateExpression, evaluateStatements, fxAttachClassBehavior, fxDetachClassBehavior, getApplication, getAutoGlobalListen, getBehaviors, getBehaviorsEnabled, getClassHierarchy, getEventHandlers, getListeningToGlobalEvents, getRequest, getResponse, getService, getSession, getSubProperty, getUser, hasEvent, hasEventHandler, hasMethod, hasProperty, isa, listen, publishAsset, publishFilePath, raiseEvent, setSubProperty, unlisten, _getZappableSleepProps, getCallChain, getClassFxEvents, instanceBehavior, filter_prado_fx

Inherited constants
`\Prado\TApplicationComponent::FX_CACHE_FILE, \Prado\TComponent::GLOBAL_RAISE_EVENT_LISTENER`

Classes

Interfaces

Traits

Search results

Class \Prado\Web\THttpSession

Class hierarchy