README

Custom PHP session handler for Nette Framework that uses MySQL database for storage.

Requirements

• nette/database 3.2+
• nette/di 3.2+
• PHP 8.2+

Installation

Preferred way to install spaze/mysql-session-handler is by using Composer:

$ composer require spaze/mysql-session-handler

Setup

After installation:

1. Create the table sessions using SQL in sql/create.sql.

2. Register an extension in config.neon:

	extensions:
		sessionHandler: Spaze\Session\DI\MysqlSessionHandlerExtension

Features

• For security reasons, Session ID is stored in the database as an SHA-256 hash.
• Supports encrypted session storage via spaze/encryption which uses paragonie/halite which uses Sodium.
• Events that allow you to add additional columns to the session storage table for example.
• Multi-Master Replication friendly (tested in Master-Master row-based replication setup).

Encrypted session storage

Follow the guide at spaze/encryption to define a new encryption key.

Define a new service:

sessionEncryption: \Spaze\Encryption\Symmetric\StaticKey('session', %encryption.keys%, %encryption.activeKeyIds%)

Add the new encryption service to the session handler:

sessionHandler:
    encryptionService: @sessionEncryption

Migration from unecrypted to encrypted session storage is not (yet?) supported.

Events

onBeforeDataWrite

The event occurs before session data is written to the session table, both for a new session (when a new row is inserted) or an existing session (a row is updated), even if there's no change in the session data.

Additional columns

You can add a new column to the session table by calling setAdditionalData() in the event handler:

setAdditionalData(string $key, $value): void

Use it to store for example user id to which the session belongs to. See for example this code that uses the Nette\Security\User::onLoggedIn handler to do that.

Credits

This is heavily based on MySQL Session handler by Pematon (Marián Černý & Peter Knut), thanks!