Session
class Session implements CookieEnabledInterface (View source)
A modular session implementation based on the caching framework.
You may access the currently active session in userland code. In order to do this, inject SessionInterface and NOT just the Session object. The former will be a unique instance (singleton) representing the current session while the latter would be a completely new session instance!
You can use the Session Manager for accessing sessions which are not currently active.
Note that Flow's bootstrap (that is, Neos\Flow\Core\Scripts) will try to resume a possibly existing session automatically. If a session could be resumed during that phase already, calling start() at a later stage will be a no-operation.
Constants
| TAG_PREFIX |
|
Properties
| protected ObjectManagerInterface | $objectManager | ||
| protected LoggerInterface | $logger | ||
| protected VariableFrontend | $metaDataCache | Meta data cache for this session |
|
| protected VariableFrontend | $storageCache | Storage cache for this session |
|
| protected string | $sessionCookieName | ||
| protected int | $sessionCookieLifetime | ||
| protected string | $sessionCookieDomain | ||
| protected string | $sessionCookiePath | ||
| protected bool | $sessionCookieSecure | ||
| protected bool | $sessionCookieHttpOnly | ||
| protected string | $sessionCookieSameSite | ||
| protected Cookie | $sessionCookie | ||
| protected int | $inactivityTimeout | ||
| protected int | $lastActivityTimestamp | ||
| protected array | $tags | ||
| protected int | $now | ||
| protected float | $garbageCollectionProbability | ||
| protected int | $garbageCollectionMaximumPerRun | ||
| protected string | $sessionIdentifier | The session identifier |
|
| protected string | $storageIdentifier | Internal identifier used for storing session data in the cache |
|
| protected bool | $started | If this session has been started |
|
| protected bool | $remote | If this session is remote or the "current" session |
Methods
Constructs this session
No description
Injects the Flow settings
Injects the (system) logger based on PSR-3.
No description
No description
Tells if the session has been started already.
Tells if the session is local (the current session bound to the current HTTP request) or remote (retrieved through the Session Manager).
Starts the session, if it has not been already started
Returns true if there is a session that can be resumed.
Resumes an existing session, if any.
Returns the current session identifier
Generates and propagates a new session ID and transfers all existing data to the new session.
Returns the data associated with the given key.
Returns true if a session data entry $key is available.
Stores the given data under the given key in the session
Returns the unix time stamp marking the last point in time this session has been in use.
Tags this session with the given tag.
Removes the specified tag from this session.
Returns the tags this session has been tagged with.
Updates the last activity time to "now".
Explicitly writes and closes the session
Explicitly destroys all session data
Iterates over all existing sessions and removes their data if the inactivity timeout was reached.
Shuts down this session
Automatically expires the session if the user has been inactive for too long.
Stores some information about the authenticated accounts in the session data.
Writes the cache entry containing information about the session, such as the last activity time and the storage identifier.
Removes the session info cache entry for the specified session.
Details
__construct(string $sessionIdentifier = null, string $storageIdentifier = null, int $lastActivityTimestamp = null, array $tags = [])
Constructs this session
If $sessionIdentifier is specified, this constructor will create a session instance representing a remote session. In that case $storageIdentifier and $lastActivityTimestamp are also required arguments.
Session instances MUST NOT be created manually! They should be retrieved via the Session Manager or through dependency injection (use SessionInterface!).
static CookieEnabledInterface|SessionInterface
createFromCookieAndSessionInformation(Cookie $sessionCookie, string $storageIdentifier, int $lastActivityTimestamp, array $tags = [])
No description
void
injectSettings(array $settings)
Injects the Flow settings
void
injectLogger(LoggerInterface $logger)
Injects the (system) logger based on PSR-3.
void
initializeObject()
No description
Cookie
getSessionCookie()
No description
bool
isStarted()
Tells if the session has been started already.
bool
isRemote()
Tells if the session is local (the current session bound to the current HTTP request) or remote (retrieved through the Session Manager).
void
start()
Starts the session, if it has not been already started
bool
canBeResumed()
Returns true if there is a session that can be resumed.
If a to-be-resumed session was inactive for too long, this function will trigger the expiration of that session. An expired session cannot be resumed.
NOTE that this method does a bit more than the name implies: Because the session info data needs to be loaded, this method stores this data already so it doesn't have to be loaded again once the session is being used.
void
resume()
Resumes an existing session, if any.
string
getId()
Returns the current session identifier
string
renewId()
Generates and propagates a new session ID and transfers all existing data to the new session.
array
getData(string $key)
Returns the data associated with the given key.
bool
hasKey(string $key)
Returns true if a session data entry $key is available.
void
putData(string $key, mixed $data)
Stores the given data under the given key in the session
int
getLastActivityTimestamp()
Returns the unix time stamp marking the last point in time this session has been in use.
For the current (local) session, this method will always return the current time. For a remote session, the unix timestamp will be returned.
void
addTag(string $tag)
Tags this session with the given tag.
Note that third-party libraries might also tag your session. Therefore it is recommended to use namespaced tags such as "Acme-Demo-MySpecialTag".
void
removeTag(string $tag)
Removes the specified tag from this session.
array
getTags()
Returns the tags this session has been tagged with.
void
touch()
Updates the last activity time to "now".
void
close()
Explicitly writes and closes the session
void
destroy(string $reason = null)
Explicitly destroys all session data
int
collectGarbage()
Iterates over all existing sessions and removes their data if the inactivity timeout was reached.
void
shutdownObject()
Shuts down this session
This method must not be called manually – it is invoked by Flow's object management.
protected bool
autoExpire()
Automatically expires the session if the user has been inactive for too long.
protected void
storeAuthenticatedAccountsInfo(array $tokens)
Stores some information about the authenticated accounts in the session data.
This method will check if a session has already been started, which is the case after tokens relying on a session have been authenticated: the UsernamePasswordToken does, for example, start a session in its authenticate() method.
Because more than one account can be authenticated at a time, this method accepts an array of tokens instead of a single account.
Note that if a session is started after tokens have been authenticated, the session will NOT be tagged with authenticated accounts.
protected void
writeSessionMetaDataCacheEntry()
Writes the cache entry containing information about the session, such as the last activity time and the storage identifier.
This function does not write the whole session data into the storage cache, but only the "head" cache entry containing meta information.
The session cache entry is also tagged with "session", the session identifier and any custom tags of this session, prefixed with TAG_PREFIX.
protected void
removeSessionMetaDataCacheEntry(string $sessionIdentifier)
Removes the session info cache entry for the specified session.
Note that this function does only remove the "head" cache entry, not the related data referred to by the storage identifier.