spaze/mysql-session-handler

MySQL session handler for Nette Framework with optionally encrypted storage

v3.0.0 2024-01-19 23:47 UTC

This package is auto-updated.

Last update: 2024-11-26 00:39:03 UTC


README

Custom PHP session handler for Nette Framework that uses MySQL database for storage.

Requirements

Requirements for previous versions

Requirements for 2.2

Requirements for 2.1 (not supported anymore)

Installation

Preferred way to install spaze/mysql-session-handler is by using Composer:

$ composer require spaze/mysql-session-handler

Setup

After installation:

  1. Create the table sessions using SQL in sql/create.sql.

  2. Register an extension in config.neon:

	extensions:
		sessionHandler: Spaze\Session\DI\MysqlSessionHandlerExtension

Features

  • For security reasons, Session ID is stored in the database as an SHA-256 hash.
  • Supports encrypted session storage via spaze/encryption which uses paragonie/halite which uses Sodium.
  • Events that allow you to add additional columns to the session storage table for example.
  • Multi-Master Replication friendly (tested in Master-Master row-based replication setup).

Encrypted session storage

Follow the guide at spaze/encryption to define a new encryption key.

Define a new service:

sessionEncryption: \Spaze\Encryption\Symmetric\StaticKey('session', %encryption.keys%, %encryption.activeKeyIds%)

Add the new encryption service to the session handler:

sessionHandler:
    encryptionService: @sessionEncryption

Migration from unecrypted to encrypted session storage is not (yet?) supported.

Events

onBeforeDataWrite

The event occurs before session data is written to the session table, both for a new session (when a new row is inserted) or an existing session (a row us updated). The event is not triggered when just the session timestamp is updated without any change in the session data.

You can add a new column by calling setAdditionalData() in the event handler:

setAdditionalData(string $key, $value): void

Use it to store for example user id to which the session belongs to.

Credits

This is heavily based on MySQL Session handler by Pematon (Marián Černý & Peter Knut), thanks!