You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 29, 2020. It is now read-only.
Since I had to work on a similar issue (even if not a zx project) I would like to know other developers' opinion about this.
We could encounter cases when we want to use zx-session + zx-session-ext, but we already have an active session started by a 3rd-party middleware layer (we are using a lazy session implementation) or by an upper-level pipeline (nested apps).
In the worst of cases, we may also have some prepared session-related headers: what should we do?
Should this package be able to handle these edge cases and intercept active sessions and taking control?
Should we remove all the session-related headers added by php-session-ext, considering also that header_remove() will delete all the headers with a given name, no matter their origin?
kind regards
The text was updated successfully, but these errors were encountered:
I think if you have multiple third-party libraries that are each managing session functionality, you likely need to do a bit of work in your application to integrate them to prevent collisions, multiple starts, etc. Generally speaking, you should have one middleware that checks for a session cookie and initializes the session, and then sends the Set-Cookie header at the end. If third-party is doing this, you need to provide a substitution so that your application can be in control of that process.
Since I had to work on a similar issue (even if not a zx project) I would like to know other developers' opinion about this.
We could encounter cases when we want to use zx-session + zx-session-ext, but we already have an active session started by a 3rd-party middleware layer (we are using a lazy session implementation) or by an upper-level pipeline (nested apps).
In the worst of cases, we may also have some prepared session-related headers: what should we do?
header_remove()
will delete all the headers with a given name, no matter their origin?kind regards
The text was updated successfully, but these errors were encountered: