PHP Class Prado\Web\THttpSession
THttpSession provides session-level data management and the related configurations.
To start the session, call {@link open}; to complete and send out session data, call {@link close};
to destroy the session, call {@link destroy}. If AutoStart is true, then the session
will be started once the session module is loaded and initialized.
To access data stored in session, use THttpSession like an associative array. For example,
$session=new THttpSession;
$session->open();
$value1=$session['name1']; // get session variable 'name1'
$value2=$session['name2']; // get session variable 'name2'
foreach($session as $name=>$value) // traverse all session variables
$session['name3']=$value3; // set session variable 'name3'
The following configurations are available for session:
{@link setAutoStart AutoStart}, {@link setCookieMode CookieMode},
{@link setSavePath SavePath},
{@link setUseCustomStorage UseCustomStorage}, {@link setGCProbability GCProbability},
{@link setTimeout Timeout}.
See the corresponding setter and getter documentation for more information.
Note, these properties must be set before the session is started.
THttpSession can be inherited with customized session storage method.
Override {@link _open}, {@link _close}, {@link _read}, {@link _write}, {@link _destroy} and {@link _gc}
and set {@link setUseCustomStorage UseCustomStorage} to true.
Then, the session data will be stored using the above methods.
By default, THttpSession is registered with {@link TApplication} as the
request module. It can be accessed via {@link TApplication::getSession()}.
THttpSession may be configured in application configuration file as follows,
where {@link getSessionName SessionName}, {@link getSavePath SavePath},
{@link getCookieMode CookieMode}, {@link getUseCustomStorage UseCustomStorage}, {@link getAutoStart AutoStart}, {@link getGCProbability GCProbability}, {@link getUseTransparentSessionID UseTransparentSessionID}
and {@link getTimeout TimeOut} are configurable properties of THttpSession.
To avoid the possibility of identity theft through some variants of XSS attacks,
THttpSessionshould always be configured to enforce HttpOnly setting on session cookie.
The HttpOnly setting is disabled by default. To enable it, configure the THttpSession
module as follows,
显示文件
Open project: pradosoft/prado
Class Usage Examples
Public Methods
Method Details
This method should be overridden if {@link setUseCustomStorage UseCustomStorage} is set true.
This method should be overridden if {@link setUseCustomStorage UseCustomStorage} is set true.
This method should be overridden if {@link setUseCustomStorage UseCustomStorage} is set true.
public _gc ( $maxLifetime ) : boolean |
return |
boolean |
whether session is GCed successfully |
This method should be overridden if {@link setUseCustomStorage UseCustomStorage} is set true.
public _open ( $savePath, $sessionName ) : boolean |
return |
boolean |
whether session is opened successfully |
This method should be overridden if {@link setUseCustomStorage UseCustomStorage} is set true.
This method should be overridden if {@link setUseCustomStorage UseCustomStorage} is set true.
Note, if the specified name already exists, the old value will be removed first.
public add ( $key, $value ) |
Removes all session variables
Ends the current session and store session data.
This method is required by \Countable interface.
Destroys all data registered to a session.
getAutoStart()
public method
public getAutoStart ( ) : boolean |
return |
boolean |
whether the session should be automatically started when the session module is initialized, defaults to false. |
getCookie()
public method
public getCookie ( ) : THttpCookie |
return |
THttpCookie |
cookie that will be used to store session ID |
getCookieMode()
public method
public getCookieMode ( ) : THttpSessionCookieMode |
return |
THttpSessionCookieMode |
how to use cookie to store session ID. Defaults to THttpSessionCookieMode::Allow. |
getGCProbability()
public method
public getGCProbability ( ) : integer |
return |
integer |
the probability (percentage) that the gc (garbage collection) process is started on every session initialization, defaults to 1 meaning 1% chance. |
getIsStarted()
public method
getIterator()
public method
This method is required by the interface \IteratorAggregate.
public getIterator ( ) : TSessionIterator |
return |
TSessionIterator |
an iterator for traversing the session variables. |
getSavePath()
public method
getSessionID()
public method
getSessionName()
public method
getTimeout()
public method
public getTimeout ( ) : integer |
return |
integer |
the number of seconds after which data will be seen as 'garbage' and cleaned up, defaults to 1440 seconds. |
getUseCustomStorage()
public method
getUseTransparentSessionID()
public method
This method is required by IModule.
If AutoStart is true, the session will be started.
This method is exactly the same as {@link offsetGet}.
public itemAt ( $key ) : mixed |
return |
mixed |
the session variable value, null if no such variable exists |
offsetExists()
public method
This method is required by the interface \ArrayAccess.
offsetGet()
public method
This method is required by the interface \ArrayAccess.
public offsetGet ( $offset ) : mixed |
return |
mixed |
the element at the offset, null if no element is found at the offset |
offsetSet()
public method
This method is required by the interface \ArrayAccess.
offsetUnset()
public method
This method is required by the interface \ArrayAccess.
Starts the session if it has not started yet.
regenerate()
public method
Update the current session id with a newly generated one
Removes a session variable.
public remove ( $key ) : mixed |
return |
mixed |
the removed value, null if no such session variable. |
setAutoStart()
public method
setCookieMode()
public method
setGCProbability()
public method
setSavePath()
public method
setSessionID()
public method
setSessionName()
public method
setTimeout()
public method
setUseCustomStorage()
public method
setUseTransparentSessionID()
public method