With Devflow, you have a couple of ways to work with sessions. You can work with native PHP sessions or a session abstraction for PSR-7 with option of using a PSR-15 middleware.
Native PHP Session Configuration
Session configuration is defined in File: ./config/session.php. The available options are:
| Option | Scalar Type | Description |
|---|---|---|
use_cookies |
bool |
Specifies whether the application will use cookies to store the session id on the client side. |
cookie_secure |
bool |
Specifies whether cookies should only be sent over secure connections. |
cookie_lifetime |
int |
Specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." |
cookie_path |
string |
Specifies path to set in the session cookie. |
cookie_domain |
string |
Specifies the domain to set in the session cookie. |
use_only_cookies |
bool |
Specifies whether the application will only use cookies to store the session id on the client side. |
cookie_httponly |
bool |
Marks the cookie as accessible only through the HTTP protocol. |
use_strict_mode |
bool |
Specifies whether the module will use strict session id mode. |
cache_limiter |
string |
Specifies the cache control method used for session pages. It may be one of the following values: nocache, private, private_no_expire, or public. |
cache_expire |
int |
Specifies time-to-live for cached session pages in minutes; this has no effect for nocache limiter. |
cookie_samesite |
string |
Allows servers to assert that a cookie ought not to be sent along with cross-site requests. This assertion allows user agents to mitigate the risk of cross-origin information leakage, and provides some protection against cross-site request forgery attacks. Note that this is not supported by all browsers. An empty value means that no SameSite cookie attribute will be set. Lax and Strict mean that the cookie will not be sent cross-domain for POST requests; Lax will send the cookie for cross-domain GET requests, while Strict will not. |
Usage
<?php
use App\Application\Devflow;
$session = Devflow::$PHP->session;
$session->set('userId', '01HDYV2CNCE0F8RCSY8HADMS0M');
Flash Messages
Store messages in session data until they are retrieved. Bootstrap compatible and sticky messages available.
<?php
use App\Application\Devflow;
$message = Devflow::$PHP->flash;
// Add messages
$message->info('This is an info message');
$message->success('This is a success message');
$message->warning('This is a warning message');
$message->error('This is an error message');
// If you need to check for errors (eg: when validating a form) you can:
if ($message->hasErrors()) {
// There ARE errors
} else {
// There are NO errors
}
// Wherever you want to display the messages simply call:
$message->display();
Sticky Messages
By default, all messages include a close button. The close button can be removed, thus making the message sticky.
To make a message sticky pass true as the third parameter: