Skip to content

Custom PHP session handler for Nette Framework that uses MySQL database for (possibly encrypted) storage

License

Notifications You must be signed in to change notification settings

webwingscz/mysql-session-handler

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

MySQL Session handler

Custom PHP session handler for Nette Framework that uses MySQL database for storage.

Requirements

Installation

Preferred way to install webwings/mysql-session-handler is by using Composer:

$ composer require webwings/mysql-session-handler

Setup

After installation:

  1. Create the table sessions using SQL in sql/create.sql.

  2. Register an extension in config.neon:

	extensions:
		sessionHandler: Webwings\Session\DI\MysqlSessionHandlerExtension
  1. Setup DatabaseStorage
sessionHandler:
    storage: Webwings\Session\Storage\DibiDatabaseStorage(@dibi.connection, 'sessions')

Features

  • For security reasons, Session ID is stored in the database as an SHA-256 hash.
  • Supports encrypted session storage via spaze/encryption which uses paragonie/halite which uses Sodium.
  • Events that allow you to add additional columns to the session storage table for example.
  • Multi-Master Replication friendly (tested in Master-Master row-based replication setup).

Encrypted session storage

Follow the guide at spaze/encryption to define a new encryption key.

Define a new service:

sessionEncryption: \Spaze\Encryption\Symmetric\StaticKey('session', %encryption.keys%, %encryption.activeKeyIds%)

Add the new encryption service to the session handler:

sessionHandler:
    encryptionService: @sessionEncryption

Migration from unecrypted to encrypted session storage is not (yet?) supported.

Events

onBeforeDataWrite

The event occurs before session data is written to the session table, both for a new session (when a new row is inserted) or an existing session (a row us updated). The event is not triggered when just the session timestamp is updated without any change in the session data.

You can add a new column by calling setAdditionalData() in the event handler:

setAdditionalData(string $key, $value): void

Use it to store for example user id to which the session belongs to.

Credits

This is heavily based on MySQL Session handler by Pematon (Marián Černý & Peter Knut & Michal Špaček) thanks!

About

Custom PHP session handler for Nette Framework that uses MySQL database for (possibly encrypted) storage

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • PHP 100.0%