joefallon/phpsession 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

joefallon/phpsession

Composer 安装命令:

composer require joefallon/phpsession

包简介

A simple age and activity based session library.

关键字:

README 文档

README

phpsession is a small, well-tested PHP library that wraps the PHP session API and provides two common session-expiration strategies:

  • max age (time since the session was created)
  • last-activity timeout (time since the session was last accessed)

It is intentionally tiny, dependency-free, and designed for safe use in web applications where predictable session-expiration and non-blocking session access are important.

Why use phpsession?

  • Small and focused: one class that does one job well.
  • Non-blocking-friendly: the implementation opens the session only for the duration of an operation and closes it immediately afterwards, which reduces the chance of session-lock contention in concurrent requests (for example, AJAX-heavy frontends).
  • Well tested: comes with unit tests that exercise the public API and edge cases.
  • Composer-friendly and PSR-4 compatible.

Requirements

  • PHP 7.4 or later

Installation

Install with Composer (recommended):

composer require joefallon/phpsession

or add this to your composer.json and run composer install:

{
  "require": {
    "joefallon/phpsession": "*"
  }
}

Quick start

The class is namespaced under JoeFallon\PhpSession. Typical usage:

use JoeFallon\PhpSession\Session;

$session = new Session();
$session->write('user_id', '42');
$userId = $session->read('user_id');

// Remove a key
$session->unsetSessionValue('user_id');

// Destroy the whole session (and its cookie)
$session->destroy();

Constructor and configuration

The constructor accepts two optional integer parameters (seconds):

  • __construct(int $maxAgeInSecs = Session::HOUR, int $lastActivityInSecs = Session::HOUR)
    • $maxAgeInSecs — maximum age of the session since creation. Set to 0 to disable.
    • $lastActivityInSecs — timeout measured from the last read/write/unset. Set to 0 to disable.

Note: The constructor validates inputs and throws InvalidArgumentException if values are negative or if maxAgeInSecs is less than lastActivityInSecs. This is deliberate: the maximum age must be at least as long as the activity window.

Public API (methods)

  • public function read(string $key)

    • Return the stored value for $key or null if not present or if an empty key is passed. Reading updates the last-activity timestamp.
  • public function write(string $key, string $val): void

    • Stores $val under $key. Throws InvalidArgumentException if $key is empty. Writing updates the last-activity timestamp.
  • public function unsetSessionValue(string $key): void

    • Removes a session key (if present) and updates the last-activity timestamp.
  • public function isMaxAgeTimeoutExpired(): bool

    • Returns true when the time since session creation is greater than or equal to the configured max age. On first call this method initializes the creation timestamp and will return false.
  • public function isLastActivityTimeoutExpired(): bool

    • Returns true when the time since the last activity is greater than or equal to the configured activity timeout. On first call this method initializes the last-activity timestamp and will return false.
  • public function destroy(): void

    • Clears session data, removes the session cookie (if cookies are used), regenerates the session id to remove old data, and destroys the session.

Constants

  • Session::HOUR — 3600
  • Session::DAY — 86400
  • Session::WEEK — 604800

Detailed examples

  1. Short-lived session that expires after 30 seconds of inactivity:
$session = new Session(Session::HOUR, 30);
$session->write('cart', ['sku' => 'x', 'qty' => 1]);

// Later
if ($session->isLastActivityTimeoutExpired()) {
    // Force re-login or refresh the session
}
  1. Max-age-only session (ignore activity):
// Max age 24 hours, activity never expires
$session = new Session(Session::DAY, 0);
  1. Checking and rotating sessions safely

If you use isMaxAgeTimeoutExpired() or isLastActivityTimeoutExpired() in request logic, prefer to let the session management decide when to destroy the session. Example flow:

$session = new Session();
if ($session->isMaxAgeTimeoutExpired() || $session->isLastActivityTimeoutExpired()) {
    // Tear down and force a re-auth
    $session->destroy();
    // redirect to login
}

Security and best practices

  • Use secure cookies (HTTPS) and set session.cookie_secure=1 in PHP when serving over TLS.
  • Consider setting session.cookie_httponly=1 to reduce the risk of XSS-based cookie theft.
  • Regenerate session ids on privilege changes (e.g. login) using session_regenerate_id(true) in your authentication code path. This library intentionally does not regenerate an id on every open to keep behavior predictable and to avoid interfering with timeout logic.
  • Store only non-sensitive identifiers in sessions when possible. If you must store secrets, ensure your session storage is protected (e.g. server-side storage, not client-supplied).

Performance considerations

  • This library opens and closes the session around each operation which helps avoid long-lived session locks in high-concurrency environments (AJAX requests, concurrent fetches).
  • Avoid storing extremely large datasets in sessions to reduce IO and lock durations.

Testing

This project uses PHPUnit 9.6 for unit tests (the last PHPUnit series that supports PHP 7.4). The repository includes a phpunit.xml.dist and a tests/bootstrap.php bootstrap file.

Install dev dependencies (recommended):

Unix/macOS:

composer install --no-interaction --prefer-dist

Windows (cmd.exe / PowerShell):

composer install --no-interaction --prefer-dist

Run the test suite:

Unix/macOS:

./vendor/bin/phpunit --configuration phpunit.xml.dist

Windows (cmd.exe / PowerShell):

vendor\bin\phpunit --configuration phpunit.xml.dist

Notes and troubleshooting

  • If you previously used the project's legacy KissTest runner, it has been replaced by PHPUnit as part of the migration. There is no need to run php tests/index.php for automated test runs anymore.

  • If you see messages from Xdebug such as "Could not connect to debugging client" or other output before tests run, those messages can cause session_start() to fail because headers were already sent. The test bootstrap starts output buffering and the Session class includes a safe emulation fallback for environments where headers are already sent to keep tests deterministic. If you still encounter issues:

    • Temporarily disable Xdebug while running tests, or
    • Ensure your terminal environment is not emitting extra startup output.
  • To run a single test file or method, supply the path and optionally a filter, for example:

./vendor/bin/phpunit tests/JoeFallon/PhpSession/SessionTest.php
# or run a single test method
./vendor/bin/phpunit --filter test_read_write tests/JoeFallon/PhpSession/SessionTest.php

Continuous Integration

Example GitHub Actions job snippet (runs on Ubuntu):

steps:
  - uses: actions/checkout@v3
  - name: Set up PHP
    uses: shivammathur/setup-php@v2
    with:
      php-version: '7.4'
  - name: Install dependencies
    run: composer install --no-progress --no-suggest --prefer-dist
  - name: Run tests
    run: vendor/bin/phpunit --configuration phpunit.xml.dist

Contributing

Contributions are welcome. A good contribution path:

  1. Fork the repository.
  2. Create a small, focused branch for your change.
  3. Add tests that cover the behavior you change or add.
  4. Run the test suite and ensure everything is green.
  5. Open a pull request with a clear description of the change.

License

MIT — see the LICENSE file for details.

Acknowledgements

Built by Joe Fallon. The test framework was migrated from the small KissTest runner to PHPUnit 9.6 to keep compatibility with PHP 7.4; thanks to the authors of both projects.

Contact

If you have questions or need help integrating phpsession, open an issue on GitHub: https://github.com/joefallon/phpsession

Built with ❤️ and the KISS principle.

joefallon/phpsession 适用场景与选型建议

joefallon/phpsession 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 133 次下载、GitHub Stars 达 2, 最近一次更新时间为 2014 年 10 月 26 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「php」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 joefallon/phpsession 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 joefallon/phpsession 我们能提供哪些服务?
定制开发 / 二次开发

基于 joefallon/phpsession 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 133
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 3
  • 点击次数: 15
  • 依赖项目数: 2
  • 推荐数: 0

GitHub 信息

  • Stars: 2
  • Watchers: 2
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2014-10-26