Celemas Sessions

Helper classes for native PHP sessions, flash messages, and CSRF.

Installation

composer require celemas/session

Documentation

Start here: docs/index.md.

Quick start

use Celemas\Session\Session;

$session = new Session();
$session->start();

$session->set('user_id', 123);
$userId = $session->get('user_id');

$session->flash->add('Signed in.');

$token = $session->csrf->token('profile');

Session merges custom options with secure defaults for Secure and HttpOnly cookies, SameSite=Lax, strict session IDs, cookie-only session IDs, disabled transparent session IDs, and PHP's nocache session cache limiter. Set cookie_secure to false only for intentional plain HTTP environments, such as local development without TLS.

License

This project is licensed under the MIT license.