solophp/session 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

solophp/session

Composer 安装命令:

composer require solophp/session

包简介

Secure PHP Session Handler with advanced security features

README 文档

README

Latest Version on Packagist License PHP Version

Secure PHP session handler with advanced security features and session management.

Features

  • Secure session configuration out of the box
  • Session timeout management (idle timeout)
  • Session integrity checks (IP and User-Agent validation)
  • Protection against session fixation attacks
  • Strict session management
  • Cookie security controls
  • Session status monitoring

Requirements

  • PHP 8.1 or higher

Installation

composer require solophp/session

Basic Usage

use Solo\Session\Session;

// Create session with default secure settings
$session = new Session();

// Store data
$session->set('user', $userData);

// Get data
$userData = $session->get('user');

// Check if data exists
if ($session->has('user')) {
    // ...
}

// Remove data
$session->unset('user');

// Clear all data
$session->clear();

// Completely destroy session
$session->destroy();

Configuration

$session = new Session(
    lifetime: 1800,          // Idle timeout in seconds (default: 1800 = 30 minutes)
    expireOnClose: true,     // Delete session cookie when browser closes (default: true)
    secure: true,            // Require HTTPS (default: true)
    httpOnly: true,          // Prevent JavaScript access (default: true)
    sameSite: 'Strict',      // CSRF protection: 'Strict'|'Lax'|'None' (default: 'Strict')
    path: '/',               // Cookie path (default: '/')
    domain: '',              // Cookie domain (default: '')
    useStrictMode: true,     // Enable strict mode (default: true)
    useCookiesOnly: true     // Prevent session ID in URLs (default: true)
);

Configuration Options

Parameter Type Default Description
lifetime int 1800 Idle timeout in seconds. Session expires after this period of inactivity.
expireOnClose bool true If true, session cookie is deleted when browser closes. If false, cookie persists for lifetime seconds.
secure bool true Only send cookie over HTTPS.
httpOnly bool true Prevent JavaScript access to session cookie.
sameSite string 'Strict' CSRF protection level: 'Strict', 'Lax', or 'None'.
path string '/' Cookie path.
domain string '' Cookie domain.
useStrictMode bool true Reject uninitialized session IDs.
useCookiesOnly bool true Prevent session ID from being passed via URL.

Security Features

Session Timeout

Sessions automatically expire after a period of inactivity (default 30 minutes):

// Check if session has expired
if ($session->isExpired()) {
    // Handle expired session
}

// Get last activity timestamp
$lastActivity = $session->getLastActivity();

// Get session creation timestamp
$createdAt = $session->getCreatedAt();

Session Integrity

Sessions are validated against:

  • User's IP address
  • User's browser (User-Agent)
  • Session initiation status

Cookie Security

Secure cookie settings:

  • HttpOnly flag
  • Secure flag (HTTPS only)
  • SameSite attribute
  • Configurable domain and path
  • Optional expiration on browser close

Available Methods

Data Management

// Get value with default fallback
$value = $session->get('key', 'default');

// Set value
$session->set('key', 'value');

// Check existence
$exists = $session->has('key');

// Remove specific key
$session->unset('key');

// Get all session data
$allData = $session->all();

// Clear all data
$session->clear();

Session Management

// Regenerate session ID
$session->regenerateId();

// Destroy session completely
$session->destroy();

// Get current session ID
$id = $session->getCurrentId();

// Get session cookie name
$name = $session->getCookieName();

// Get session save path
$path = $session->getSavePath();

// Get session status
$status = $session->getStatus();

// Get configured lifetime
$lifetime = $session->getLifetime();

// Get session creation time
$createdAt = $session->getCreatedAt();

Session Status Values

  • PHP_SESSION_DISABLED = 0
  • PHP_SESSION_NONE = 1
  • PHP_SESSION_ACTIVE = 2

Development

Running Tests

composer test

Static Analysis

composer analyse

Code Style

Check code style:

composer cs-check

Fix code style:

composer cs-fix

Run All Quality Checks

composer quality

Best Practices

  1. Always use HTTPS in production (secure: true)
  2. Set appropriate lifetime values for your application
  3. Consider using 'Strict' SameSite setting for better security
  4. Monitor session activity using provided methods
  5. Handle expired sessions appropriately
  6. Use session regeneration for sensitive operations

License

MIT

solophp/session 适用场景与选型建议

solophp/session 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 95 次下载、GitHub Stars 达 0, 最近一次更新时间为 2024 年 07 月 13 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「php」 「security」 「session」 「php-session」 「session-handler」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 solophp/session 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 solophp/session 我们能提供哪些服务?
定制开发 / 二次开发

基于 solophp/session 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 95
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 7
  • 依赖项目数: 1
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2024-07-13