Session
=======
The *SessionServiceProvider* provides a service for storing data persistently
between requests.
Parameters
----------
* **session.storage.save_path** (optional): The path for the
``NativeFileSessionHandler``, defaults to the value of
``sys_get_temp_dir()``.
* **session.storage.options**: An array of options that is passed to the
constructor of the ``session.storage`` service.
In case of the default `NativeSessionStorage
<http://api.symfony.com/master/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.html>`_,
the most useful options are:
* **name**: The cookie name (_SESS by default)
* **id**: The session id (null by default)
* **cookie_lifetime**: Cookie lifetime
* **cookie_path**: Cookie path
* **cookie_domain**: Cookie domain
* **cookie_secure**: Cookie secure (HTTPS)
* **cookie_httponly**: Whether the cookie is http only
However, all of these are optional. Default Sessions life time is 1800
seconds (30 minutes). To override this, set the ``lifetime`` option.
For a full list of available options, read the `PHP
<http://php.net/session.configuration>`_ official documentation.
* **session.test**: Whether to simulate sessions or not (useful when writing
functional tests).
* **session.attribute_bag** (optional): The attribute bag service to use in the session.
Instance of ``AttributeBagInterface``.
* **session.flash_bag** (optional): The flash bag service to use in the session.
Instance of ``FlashBagInterface``.
Services
--------
* **session**: An instance of Symfony's `Session
<http://api.symfony.com/master/Symfony/Component/HttpFoundation/Session/Session.html>`_.
* **session.storage**: A service that is used for persistence of the session
data.
* **session.storage.handler**: A service that is used by the
``session.storage`` for data access. Defaults to a `NativeFileSessionHandler
<http://api.symfony.com/master/Symfony/Component/HttpFoundation/Session/Storage/Handler/NativeFileSessionHandler.html>`_
storage handler.
Registering
-----------
.. code-block:: php
$app->register(new Silex\Provider\SessionServiceProvider());
Using Handlers
--------------
The default session handler is ``NativeFileSessionHandler``. However, there are
multiple handlers available for use by setting ``session.storage.handler`` to
an instance of one of the following handler objects:
* `LegacyPdoSessionHandler <http://api.symfony.com/master/Symfony/Component/HttpFoundation/Session/Storage/Handler/LegacyPdoSessionHandler.html>`_
* `MemcacheSessionHandler <http://api.symfony.com/master/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcacheSessionHandler.html>`_
* `MemcachedSessionHandler <http://api.symfony.com/master/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcachedSessionHandler.html>`_
* `MongoDbSessionHandler <http://api.symfony.com/master/Symfony/Component/HttpFoundation/Session/Storage/Handler/MongoDbSessionHandler.html>`_
* `NativeFileSessionHandler <http://api.symfony.com/master/Symfony/Component/HttpFoundation/Session/Storage/Handler/NativeFileSessionHandler.html>`_
* `NativeSessionHandler <http://api.symfony.com/master/Symfony/Component/HttpFoundation/Session/Storage/Handler/NativeSessionHandler.html>`_
* `NullSessionHandler <http://api.symfony.com/master/Symfony/Component/HttpFoundation/Session/Storage/Handler/NullSessionHandler.html>`_
* `PdoSessionHandler <http://api.symfony.com/master/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.html>`_
* `WriteCheckSessionHandler <http://api.symfony.com/master/Symfony/Component/HttpFoundation/Session/Storage/Handler/WriteCheckSessionHandler.html>`_
Usage
-----
The Session provider provides a ``session`` service. Here is an example that
authenticates a user and creates a session for them::
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
$app->get('/login', function (Request $request) use ($app) {
$username = $request->server->get('PHP_AUTH_USER', false);
$password = $request->server->get('PHP_AUTH_PW');
if ('igor' === $username && 'password' === $password) {
$app['session']->set('user', array('username' => $username));
return $app->redirect('/account');
}
$response = new Response();
$response->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', 'site_login'));
$response->setStatusCode(401, 'Please sign in.');
return $response;
});
$app->get('/account', function () use ($app) {
if (null === $user = $app['session']->get('user')) {
return $app->redirect('/login');
}
return "Welcome {$user['username']}!";
});
Custom Session Configurations
-----------------------------
If your system is using a custom session configuration (such as a redis handler
from a PHP extension) then you need to disable the NativeFileSessionHandler by
setting ``session.storage.handler`` to null. You will have to configure the
``session.save_path`` ini setting yourself in that case.
.. code-block:: php
$app['session.storage.handler'] = null;