wscp
March 8, 2024, 7:57am
1
I was looking at the mezzio-session docs and noticed this part about using `SessionContainerPersistenceInterface` to handle session expiry in custom persistence backends. However, I can’t find any information about `SessionContainerPersistenceInterface` other than what is present on the page itself. I don’t see any usages of this interface anywhere, and I don’t see any definition of the interface in the project’s code.
Am I missing something? Is the persistence implementation supposed to create this interface in its own codebase?
Hello and welcome to our forums!
Very confusing because the documentation was added for this interface but no code:
zendframework:develop
← weierophinney:feature/session-cookie-persistence
opened 08:35PM - 30 Oct 18 UTC
PHP supports persistent sessions by allowing developers to set the `session.cookie_lifetime` value, or to pass the `$lifetime` argument to `session_set_cookie_params()`. In each case, ext-session will then set an `Expires` directive in the `Set-Cookie` header associated with the session. These values are often manipulated at runtime to allow developers to set session cookie lifetimes based on specific criteria (e.g., a user checking a "remember me" box).
This patch adds the ability for developers to provide at runtime a TTL for the session they are manipulating. It introduces a new interface, `SessionCookiePersistenceInterface`, with the methods `persistSessionFor(int $duration) : void` and `getSessionLifetime() : int`. The first can be used by developers to indicate the desired session lifetime; the second can be used by persistence engines in order to set the lifetime either in the persistence engine itself or in client-side artifacts such as session cookies.
In order to allow the lifetime to persist when a cookie is regenerated, I both recommend that the session stores the lifetime within its own data, and that `Session` instances use that value when present. I have implemented `Session` such that it does exactly this, using the value of `SessionCookiePersistenceInterface::SESSION_LIFETIME_KEY` as the session data key under which the lifetime is stored.
The value is specified and stored as an integer, as most existing systems expect an integer indicating the number of seconds the session should persist. Negative values and zero indicate expiry as soon as the current session is over (generally indicated by closing the window and/or browser).
Please check `Mezzio\Session\SessionCookiePersistenceInterface` instead:
```php
/**
 * Allow marking session cookies as persistent.
 *
 * It can be useful to mark a session as persistent: e.g., for a "Remember Me"
 * feature when logging a user into your system. PHP provides this capability
 * via ext-session with the $lifetime argument to session_set_cookie_params()
 * as well as by the session.cookie_lifetime INI setting. The latter will set
 * the value for all session cookies sent (or until the value is changed via
 * an ini_set() call), while the former will only affect cookies created during
 * the current script lifetime.
 *
 * Persistence engines may, of course, allow setting a global lifetime. This
 * interface allows developers to set the lifetime programmatically. Persistence
 * implementations are encouraged to use the value to set the cookie lifetime
 * when creating and returning a cookie. Additionally, to ensure the cookie
 * lifetime originally requested is honored when a session is regenerated, we
 * recommend persistence engines to store the TTL in the session data itself,
 * so that it can be re-sent in such scenarios.
 */
interface SessionCookiePersistenceInterface
```
I will fix the problem in the documentation.
Thank you for bringing up this topic!
1 Like
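How a custom persistence backend might honor the lifetime described in the pull request above, as an added example that is not part of the thread and not Mezzio's own code. `CookieLifetimeAware`, `DemoSession`, `buildSessionCookie`, the TTL key and the session IDs are hypothetical stand-ins; only the two method signatures come from the PR description.

```php
<?php
declare(strict_types=1);
// Stand-in with the two methods named in the PR description, so this runs
// without mezzio/mezzio-session; a real backend would check for
// Mezzio\Session\SessionCookiePersistenceInterface instead.
interface CookieLifetimeAware
{
    public function persistSessionFor(int $duration): void;
    public function getSessionLifetime(): int;
}

// Hypothetical session: keeps the TTL in its own data so the value survives
// an ID regeneration, as the PR description recommends.
final class DemoSession implements CookieLifetimeAware
{
    private const TTL_KEY = '__demo_ttl__'; // constructed key, not the library's

    public function __construct(private array $data = []) {}

    public function persistSessionFor(int $duration): void
    {
        $this->data[self::TTL_KEY] = $duration;
    }

    public function getSessionLifetime(): int
    {
        return (int) ($this->data[self::TTL_KEY] ?? 0);
    }

    public function toArray(): array { return $this->data; }
}

// Hypothetical helper for a custom persistence backend: Max-Age/Expires are
// sent only for a positive lifetime; zero or negative stays a session cookie.
function buildSessionCookie(string $name, string $id, object $session, int $now): string
{
    $cookie = sprintf('%s=%s; Path=/; Secure; HttpOnly; SameSite=Lax', $name, rawurlencode($id));
    $ttl = $session instanceof CookieLifetimeAware ? $session->getSessionLifetime() : 0;
    if ($ttl > 0) {
        $cookie .= sprintf('; Max-Age=%d; Expires=%s', $ttl, gmdate('D, d M Y H:i:s T', $now + $ttl));
    }
    return $cookie;
}

$session = new DemoSession();
echo buildSessionCookie('SID', 'constructed-id-1', $session, time()), PHP_EOL; // lifetime unset
$session->persistSessionFor(14 * 86400); // e.g. "remember me" was ticked
$regenerated = new DemoSession($session->toArray()); // data carried to the new ID
echo buildSessionCookie('SID', 'constructed-id-2', $regenerated, time()), PHP_EOL; // lifetime read back from data
```

A backend that keeps session data server-side would apply the same TTL to the stored record, so the cookie and the data it points to expire together.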
wscp
March 8, 2024, 8:49am
3
Thank you so much for responding this quickly! Yeah, session cookies seem to be the interface I should be using.