tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-04 18:39:38 +02:00
Code Issues Projects Releases Wiki Activity
ff5ed6efeb
silverstripe-framework/docs/en/02_Developer_Guides/18_Cookies_And_Sessions/02_Sessions.md
johndalangin 23d0f51592 Added cookie_secure configuration directive 
Seeing that cookie_secure is not yet added to the documentation, I took the liberty to add it myself.

Thanks and hope this helps!
2015-09-17 15:53:58 +08:00

2.5 KiB
Raw Blame History

title: Sessions summary: A set of static methods for manipulating PHP sessions.

Sessions

Session support in PHP consists of a way to preserve certain data across subsequent accesses such as logged in user information and security tokens.

In order to support things like testing, the session is associated with a particular Controller. In normal usage, this is loaded from and saved to the regular PHP session, but for things like static-page-generation and unit-testing, you can create multiple Controllers, each with their own session.

set

:::php
Session::set('MyValue', 6);

Saves the value of to session data. You can also save arrays or serialized objects in session (but note there may be size restrictions as to how much you can save).

:::php
// saves an array
Session::set('MyArrayOfValues', array('1','2','3'));

// saves an object (you'll have to unserialize it back)
$object = new Object();
Session::set('MyObject', serialize($object));

get

Once you have saved a value to the Session you can access it by using the get function. Like the set function you can use this anywhere in your PHP files.

:::php
echo Session::get('MyValue'); 
// returns 6

$data = Session::get('MyArrayOfValues'); 
// $data = array(1,2,3)

$object = unserialize(Session::get('MyObject', $object)); 
// $object = Object()

get_all

You can also get all the values in the session at once. This is useful for debugging.

:::php
Session::get_all(); 
// returns an array of all the session values.

clear

Once you have accessed a value from the Session it doesn't automatically wipe the value from the Session, you have to specifically remove it.

:::php
Session::clear('MyValue');

Or you can clear every single value in the session at once. Note SilverStripe stores some of its own session data including form and page comment information. None of this is vital but clear_all will clear everything.

:::php
Session::clear_all();

Secure Session Cookie

In certain circumstances, you may want to use a different session_name cookie when using the https protocol for security purposes. To do this, you may set the cookie_secure parameter to true on your config.yml

:::yml
Session:
  cookie_secure: true

This uses the session_name SECSESSID for https connections instead of the default PHPSESSID. Doing so adds an extra layer of security to your session cookie since you no longer share http and https sessions.

API Documentation

  • [api:Session]