Session Manager¶
The session manager, Zend\Session\SessionManager, is a class that is responsible for all aspects of session management. It initializes and configures configuration, storage and save handling. Additionally the session manager can be injected into the session container to provide a wrapper or namespace around your session data.
The session manager is responsible for session start, session exists, session write, regenerate id, time to live and session destroy. The session manager can valid sessions from a validator chain to ensure that the session data is indeed correct.
Initializing the Session Manager¶
Generally speaking you will always want to initialize the session manager and ensure that you had initialized it on your end; this puts in place a simple solution to prevent against session fixation. Generally you will likely setup configuration and then inside of your Application module bootstrap the session manager.
Additionally you will likely want to supply validators to prevent against session hijacking.
The following illustrates how you may configure session manager by setting options in your local or global config:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | return array(
'session' => array(
'config' => array(
'class' => 'Zend\Session\Config\SessionConfig',
'options' => array(
'name' => 'myapp',
),
),
'storage' => 'Zend\Session\Storage\SessionArrayStorage',
'validators' => array(
array(
'Zend\Session\Validator\RemoteAddr',
'Zend\Session\Validator\HttpUserAgent',
),
),
),
);
|
The following illustrates how you might utilize the above configuration to create the session manager:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 | use Zend\Session\SessionManager;
use Zend\Session\Container;
class Module
{
public function onBootstrap($e)
{
$eventManager = $e->getApplication()->getEventManager();
$serviceManager = $e->getApplication()->getServiceManager();
$moduleRouteListener = new ModuleRouteListener();
$moduleRouteListener->attach($eventManager);
$this->bootstrapSession($e);
}
public function bootstrapSession($e)
{
$session = $e->getApplication()
->getServiceManager()
->get('Zend\Session\SessionManager');
$session->start();
$container = new Container('initialized');
if (!isset($container->init)) {
$session->regenerateId(true);
$container->init = 1;
}
}
public function getServiceConfig()
{
return array(
'factories' => array(
'Zend\Session\SessionManager' => function ($sm) {
$config = $sm->get('config');
if (isset($config['session'])) {
$session = $config['session'];
$sessionConfig = null;
if (isset($session['config'])) {
$class = isset($session['config']['class']) ? $session['config']['class'] : 'Zend\Session\Config\SessionConfig';
$options = isset($session['config']['options']) ? $session['config']['options'] : array();
$sessionConfig = new $class();
$sessionConfig->setOptions($options);
}
$sessionStorage = null;
if (isset($session['storage'])) {
$class = $session['storage'];
$sessionStorage = new $class();
}
$sessionSaveHandler = null;
if (isset($session['save_handler'])) {
// class should be fetched from service manager since it will require constructor arguments
$sessionSaveHandler = $sm->get($session['save_handler']);
}
$sessionManager = new SessionManager($sessionConfig, $sessionStorage, $sessionSaveHandler);
if (isset($session['validator'])) {
$chain = $sessionManager->getValidatorChain();
foreach ($session['validator'] as $validator) {
$validator = new $validator();
$chain->attach('session.validate', array($validator, 'isValid'));
}
}
} else {
$sessionManager = new SessionManager();
}
Container::setDefaultManager($sessionManager);
return $sessionManager;
},
),
)
}
}
|
Project Versions
RTD Search
Full-text doc search.
