class Session implements CookieEnabledInterface (View source)

A modular session implementation based on the caching framework.

You may access the currently active session in userland code. In order to do this, inject SessionInterface and NOT just the Session object. The former will be a unique instance (singleton) representing the current session while the latter would be a completely new session instance!

You can use the Session Manager for accessing sessions which are not currently active.

Note that Flow's bootstrap (that is, Neos\Flow\Core\Scripts) will try to resume a possibly existing session automatically. If a session could be resumed during that phase already, calling start() at a later stage will be a no-operation.

Constants

TAG_PREFIX

Properties

protected ObjectManagerInterface $objectManager
protected LoggerInterface $logger
protected VariableFrontend $metaDataCache

Meta data cache for this session

protected VariableFrontend $storageCache

Storage cache for this session

protected string $sessionCookieName
protected int $sessionCookieLifetime
protected string $sessionCookieDomain
protected string $sessionCookiePath
protected bool $sessionCookieSecure
protected bool $sessionCookieHttpOnly
protected string $sessionCookieSameSite
protected Cookie $sessionCookie
protected int $inactivityTimeout
protected int $lastActivityTimestamp
protected array $tags
protected int $now
protected float $garbageCollectionProbability
protected int $garbageCollectionMaximumPerRun
protected string $sessionIdentifier

The session identifier

protected string $storageIdentifier

Internal identifier used for storing session data in the cache

protected bool $started

If this session has been started

protected bool $remote

If this session is remote or the "current" session

Methods

__construct(string $sessionIdentifier = null, string $storageIdentifier = null, int $lastActivityTimestamp = null, array $tags = [])

Constructs this session

createFromCookieAndSessionInformation(Cookie $sessionCookie, string $storageIdentifier, int $lastActivityTimestamp, array $tags = [])

No description

void
injectSettings(array $settings)

Injects the Flow settings

void
injectLogger(LoggerInterface $logger)

Injects the (system) logger based on PSR-3.

void
initializeObject()

No description

getSessionCookie()

No description

bool
isStarted()

Tells if the session has been started already.

bool
isRemote()

Tells if the session is local (the current session bound to the current HTTP request) or remote (retrieved through the Session Manager).

void
start()

Starts the session, if it has not been already started

bool
canBeResumed()

Returns true if there is a session that can be resumed.

void
resume()

Resumes an existing session, if any.

string
getId()

Returns the current session identifier

string
renewId()

Generates and propagates a new session ID and transfers all existing data to the new session.

array
getData(string $key)

Returns the data associated with the given key.

bool
hasKey(string $key)

Returns true if a session data entry $key is available.

void
putData(string $key, mixed $data)

Stores the given data under the given key in the session

int
getLastActivityTimestamp()

Returns the unix time stamp marking the last point in time this session has been in use.

void
addTag(string $tag)

Tags this session with the given tag.

void
removeTag(string $tag)

Removes the specified tag from this session.

array
getTags()

Returns the tags this session has been tagged with.

void
touch()

Updates the last activity time to "now".

void
close()

Explicitly writes and closes the session

void
destroy(string $reason = null)

Explicitly destroys all session data

int
collectGarbage()

Iterates over all existing sessions and removes their data if the inactivity timeout was reached.

void
shutdownObject()

Shuts down this session

bool
autoExpire()

Automatically expires the session if the user has been inactive for too long.

void
storeAuthenticatedAccountsInfo(array $tokens)

Stores some information about the authenticated accounts in the session data.

void
writeSessionMetaDataCacheEntry()

Writes the cache entry containing information about the session, such as the last activity time and the storage identifier.

void
removeSessionMetaDataCacheEntry(string $sessionIdentifier)

Removes the session info cache entry for the specified session.

Details

__construct(string $sessionIdentifier = null, string $storageIdentifier = null, int $lastActivityTimestamp = null, array $tags = [])

Constructs this session

If $sessionIdentifier is specified, this constructor will create a session instance representing a remote session. In that case $storageIdentifier and $lastActivityTimestamp are also required arguments.

Session instances MUST NOT be created manually! They should be retrieved via the Session Manager or through dependency injection (use SessionInterface!).

Parameters

string $sessionIdentifier

The public session identifier which is also used in the session cookie

string $storageIdentifier

The private storage identifier which is used for storage cache entries

int $lastActivityTimestamp

Unix timestamp of the last known activity for this session

array $tags

A list of tags set for this session

Exceptions

InvalidArgumentException

static CookieEnabledInterface|SessionInterface createFromCookieAndSessionInformation(Cookie $sessionCookie, string $storageIdentifier, int $lastActivityTimestamp, array $tags = [])

No description

Parameters

Cookie $sessionCookie
string $storageIdentifier
int $lastActivityTimestamp
array $tags

Return Value

CookieEnabledInterface|SessionInterface

void injectSettings(array $settings)

Injects the Flow settings

Parameters

array $settings

Settings of the Flow package

Return Value

void

void injectLogger(LoggerInterface $logger)

Injects the (system) logger based on PSR-3.

Parameters

LoggerInterface $logger

Return Value

void

void initializeObject()

No description

Return Value

void

Exceptions

InvalidBackendException

Cookie getSessionCookie()

No description

Return Value

Cookie

bool isStarted()

Tells if the session has been started already.

Return Value

bool

bool isRemote()

Tells if the session is local (the current session bound to the current HTTP request) or remote (retrieved through the Session Manager).

Return Value

bool

true if the session is remote, false if this is the current session

void start()

Starts the session, if it has not been already started

Return Value

void

Exceptions

Exception

See also

CookieEnabledInterface

bool canBeResumed()

Returns true if there is a session that can be resumed.

If a to-be-resumed session was inactive for too long, this function will trigger the expiration of that session. An expired session cannot be resumed.

NOTE that this method does a bit more than the name implies: Because the session info data needs to be loaded, this method stores this data already so it doesn't have to be loaded again once the session is being used.

Return Value

bool

void resume()

Resumes an existing session, if any.

Return Value

void

string getId()

Returns the current session identifier

Return Value

string

The current session ID

Exceptions

SessionNotStartedException

string renewId()

Generates and propagates a new session ID and transfers all existing data to the new session.

Return Value

string

The new session ID

Exceptions

SessionNotStartedException
OperationNotSupportedException

array getData(string $key)

Returns the data associated with the given key.

Parameters

string $key

An identifier for the content stored in the session.

Return Value

array

The contents associated with the given key

Exceptions

SessionNotStartedException

bool hasKey(string $key)

Returns true if a session data entry $key is available.

Parameters

string $key

Return Value

bool

Exceptions

SessionNotStartedException

void putData(string $key, mixed $data)

Stores the given data under the given key in the session

Parameters

string $key

The key under which the data should be stored

mixed $data

The data to be stored

Return Value

void

Exceptions

DataNotSerializableException
SessionNotStartedException

int getLastActivityTimestamp()

Returns the unix time stamp marking the last point in time this session has been in use.

For the current (local) session, this method will always return the current time. For a remote session, the unix timestamp will be returned.

Return Value

int

unix timestamp

Exceptions

SessionNotStartedException

void addTag(string $tag)

Tags this session with the given tag.

Note that third-party libraries might also tag your session. Therefore it is recommended to use namespaced tags such as "Acme-Demo-MySpecialTag".

Parameters

string $tag

The tag – must match be a valid cache frontend tag

Return Value

void

Exceptions

SessionNotStartedException
InvalidArgumentException

void removeTag(string $tag)

Removes the specified tag from this session.

Parameters

string $tag

The tag – must match be a valid cache frontend tag

Return Value

void

Exceptions

SessionNotStartedException

array getTags()

Returns the tags this session has been tagged with.

Return Value

array

The tags or an empty array if there aren't any

Exceptions

SessionNotStartedException

void touch()

Updates the last activity time to "now".

Return Value

void

Exceptions

SessionNotStartedException

void close()

Explicitly writes and closes the session

Return Value

void

void destroy(string $reason = null)

Explicitly destroys all session data

Parameters

string $reason

A reason for destroying the session – used by the LoggingAspect

Return Value

void

Exceptions

SessionNotStartedException

int collectGarbage()

Iterates over all existing sessions and removes their data if the inactivity timeout was reached.

Return Value

int

The number of outdated entries removed or NULL if no such information could be determined

Exceptions

Exception
NotSupportedByBackendException

void shutdownObject()

Shuts down this session

This method must not be called manually – it is invoked by Flow's object management.

protected bool autoExpire()

Automatically expires the session if the user has been inactive for too long.

Return Value

bool

true if the session expired, false if not

protected void storeAuthenticatedAccountsInfo(array $tokens)

Stores some information about the authenticated accounts in the session data.

This method will check if a session has already been started, which is the case after tokens relying on a session have been authenticated: the UsernamePasswordToken does, for example, start a session in its authenticate() method.

Because more than one account can be authenticated at a time, this method accepts an array of tokens instead of a single account.

Note that if a session is started after tokens have been authenticated, the session will NOT be tagged with authenticated accounts.

Parameters

array $tokens

Return Value

void

protected void writeSessionMetaDataCacheEntry()

Writes the cache entry containing information about the session, such as the last activity time and the storage identifier.

This function does not write the whole session data into the storage cache, but only the "head" cache entry containing meta information.

The session cache entry is also tagged with "session", the session identifier and any custom tags of this session, prefixed with TAG_PREFIX.

Return Value

void

protected void removeSessionMetaDataCacheEntry(string $sessionIdentifier)

Removes the session info cache entry for the specified session.

Note that this function does only remove the "head" cache entry, not the related data referred to by the storage identifier.

Parameters

string $sessionIdentifier

Return Value

void