SilverStripe\HybridSessions\Store\CookieStore
A session store that keeps the session data in an encrypted and signed cookie.
This way the server doesn't need to open a database connection or have a shared filesystem to read
the session from: the client passes the session through with every request.
This approach does have some limitations: cookies can only be quite small (4K total, but we limit to 1K)
and can only be set _before_ the server starts sending a response.
So we clear the cookie on Session startup (which should always be before the headers get sent), but just
fail on Session write if we can't use cookies, assuming there's something watching for that and providing a fallback.
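An added sketch, not the module's own code, of sealing session data with encrypt-then-MAC and of the write-time checks described above (headers already sent, value over the 1K cap). The function names, the AES-256-CBC and HMAC-SHA256 choice, the HKDF labels and the cookie flags are assumptions and do not describe how HybridSessionStore_Crypto is implemented.

```php
<?php
// Added illustration; NOT the module's HybridSessionStore_Crypto implementation.
const MAX_LENGTH = 1024; // mirrors the documented $max_length

// Encrypt-then-MAC: AES-256-CBC, then HMAC-SHA256 over IV + ciphertext, with separate derived keys.
function seal(string $data, string $secret): string
{
    $iv = random_bytes(16);
    $ct = openssl_encrypt($data, 'aes-256-cbc', hash_hkdf('sha256', $secret, 32, 'enc'), OPENSSL_RAW_DATA, $iv);
    $mac = hash_hmac('sha256', $iv . $ct, hash_hkdf('sha256', $secret, 32, 'mac'), true);
    return base64_encode($mac . $iv . $ct);
}

// Returns the session data, or null when the cookie is malformed or was modified.
function unseal(string $cookie, string $secret): ?string
{
    $raw = base64_decode($cookie, true);
    if ($raw === false || strlen($raw) < 64) { // 32 MAC + 16 IV + one 16-byte block
        return null;
    }
    [$mac, $iv, $ct] = [substr($raw, 0, 32), substr($raw, 32, 16), substr($raw, 48)];
    $expected = hash_hmac('sha256', $iv . $ct, hash_hkdf('sha256', $secret, 32, 'mac'), true);
    if (!hash_equals($expected, $mac)) { // constant-time check before any decryption
        return null;
    }
    $data = openssl_decrypt($ct, 'aes-256-cbc', hash_hkdf('sha256', $secret, 32, 'enc'), OPENSSL_RAW_DATA, $iv);
    return $data === false ? null : $data;
}

// Write path: report failure rather than send a cookie that cannot be set, so a fallback store can take over.
function writeSessionCookie(string $name, string $data, string $secret): bool
{
    $value = seal($data, $secret);
    if (headers_sent() || strlen($value) > MAX_LENGTH) {
        return false;
    }
    return setcookie($name, $value, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
}

// Constructed sample data: round-trip, then a cookie with one bit of the IV flipped.
$secret = random_bytes(32);
$cookie = seal('user_id|i:42;', $secret);
var_dump(unseal($cookie, $secret));
$raw = base64_decode($cookie);
$raw[47] = $raw[47] ^ "\x01";
var_dump(unseal(base64_encode($raw), $secret));
```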
Synopsis
class CookieStore
extends BaseStore
{
    // members
    private static integer $max_length = 1024;
    protected HybridSessionStore_Crypto $crypto;
    protected $cookie;
    protected $currentCookieData;

    // Inherited members from BaseStore
    protected $key;

    // methods
    public void open()
    public void close()
    protected HybridSessionStore_Crypto getCrypto()
    public void read()
    protected bool canWrite()
    public void write()
    public void destroy()
    public void gc()

    // Inherited methods from BaseStore
    public void setKey()
    protected string getKey()
    protected int getLifetime()
    protected int getNow()
}
Members
private
- $max_length — int
  Maximum length of a cookie value in characters
protected
- $crypto — SilverStripe\HybridSessions\Store\HybridSessionStore_Crypto
  Encryption service
- $currentCookieData — string
  Known unmodified value of this cookie. If the cookie backend has been read into the application, then the backend is unable to verify the modification state of this value internally within the system, so this will be left null unless written back.
- $key — string
  Session secret key
Methods
protected
- canWrite() — Determine if the session could be verifiably written to cookie storage
- getCrypto() — Get the cryptography store for the specified session
public
Inherited from SilverStripe\HybridSessions\Store\BaseStore
protected
- getKey() — Get the session secret key
- getLifetime() — Get lifetime in number of seconds
- getNow() — Gets the current unix timestamp
public
- setKey() — Assign a new session secret key