auraphp / aura.session Goto Github PK
View Code? Open in Web Editor NEWTools for managing sessions, including session segments and read-once messages
Home Page: https://packagist.org/packages/aura/session
License: MIT License
Tools for managing sessions, including session segments and read-once messages
Home Page: https://packagist.org/packages/aura/session
License: MIT License
Both develop-2
and master
is showing 16 errors with phpunit run under the console under either PHP 5.3 or 5.4, are you aware of this issue?
There were 16 errors:
1) Aura\Session\CsrfTokenTest::testLaziness
session_start(): Cannot send session cookie - headers already sent by (output started at C:\workspace\test\Aura.Session\tests\phpunit.phar:2)
... (more like this) ...
FAILURES!
Tests: 32, Assertions: 34, Errors: 16.
I'm not even sure how headers could be "sent" when it's running under a console?
Perhaps the phpunit configuration needs to be configured to suppress the message or output (or whatever) if that's what causing output to start - or maybe you need to wrap the test suite in ob_start()
and ob_get_clean()
to avoid output starting or something?
Hi,
I get this error message regularly (be it ajax calls or inside Twig templates):
A session is active. You cannot change the session module's ini settings at this time
I noticed you talk about it in the sessionStatus()
phpDoc, but I don't understand what you explain.
Why do I keep getting this error? What should I do to prevent it?
Thank you,
I thought this would be simple but I can't seem to figure out exactly how to make this work.
I have created a simple api which stores a user's email in an Aura Session on one domain. Let's call that domain login.domain.com
On multiple other sites I am trying to make a POST to that domain to retrieve the user's email that is logged in but because they are all different domains making the call; I need to somehow resume the session that is started on login.domain.com.
I tried to pass the session id into the session in various ways but it doesn't seem to work. Is there a way to pass a known session id into Aura to reconnect to an active session? Given that I have the session id I think it should be possible to do I just can't seem to find the correct function to call; or the correct order to call it in.
Once you set a flash, and retrive the flash, still the message not expiring ( v2 )
$segment = $session->getSegment('Cocoframework\Example\ContactResponder');
$segment->setFlashNow('message', 'Thank you!. Someone will shortly get in touch with you!');
echo$session->getSegment('Cocoframework\Example\ContactResponder')->getFlash('message');
Hi Paul,
Could you please tag session for it fixed some issues. Also there is Di, Sql people have been looking for releases.
I have been using the latest release via Composer (2.1.0) in some projects pretty smoothly (thanks!), but I noticed there are newer branches 3.x and 4.x here. What is the latest stable branch and will there be a new Composer release for it? Presuming those branches are stable, is there documentation for migrating from 2.x?
(Originally published at: https://gregorlove.com/2023/01/latest-stable-release/)
The idea is to be able to set different expiration time for each segment, that way it is possible to let expire the authentication information (for exemple), without losing the content of other Segments.
What do you think about that feature request ?
There is no hasFlash . Is it purposefully removed ?
The code that is in README (Getting Started) for init a session is not valid.
$session = include "/path/to/Aura.Session/scripts/instance.php";
The file scripts/instance.php don't exists in branch develop-2, exists only in branch develop.
In composer (https://packagist.org/packages/aura/session) the source code is develop-2.
Hi,
I am using this library for my application using localhost. segment is storing values when i access the site using http://localhost:8080 but it is not saving values if i access the same site using http://127.0.0.1:8080.
Please help me to fix this issue.
Hello.
I noticed that develop and master branch differ by their composer. But the tagged version 1.0 is even more different?
Which one is more stable and more awesome to use?
I see Travis is angry with #46, #47 on PHP7... but I dont think I did anything to break it.
- Aura\Session\SessionTest::testGetAndRegenerateId
session_regenerate_id(): Failed to create(read) session ID: user (path: )
Possibly related?
https://bugs.php.net/bug.php?id=70871
Any ideas?
Hi there,
Is the library supposed to work if I store arrays into the session?
Example:
$segment = $session->newSegment('Vendor\Package\ClassName');
$segment->foo = [
'test'
];
Right now I'm not having luck with this, but I'm not sure I'm doing everything correctly. So is that supposed to work?
Thanks
I can't find the reason why I am getting an error on this line while coding in my project. whereas my software engineer did the same thing and worked on it, but it didn't work for me and I couldn't find a solution what exactly he meant here, what is the error, how can I fix it?
I'm having a problem where subsequent session_start() is always regenterating the session id. I narrowed it down to it (apparently) not reading from PHPSESSID when session.use_cookies is false, even if session.use_only_cookies is true. I'm guessing there was a change since you wrote the article back in April, and or you were on a different version? http://paul-m-jones.com/archives/6310
I'm on version 7.0.13 using the built in server for testing. Do you know if this is a limitation of the built in server, changed with later versions, can you confirm it actually used to work in the past?
What is the future of this project? In my opinion, it is feature complete and only needs to have the latest versions of PHP (7.3, 7.4 & 8.0 as of this writing) tested via travis or Github Actions to ensure it continues to work with the currently supported version of PHP. Will anyone be updating the CI tests for this project?
What about adding session save handlers for PDO, Redis etc?
i can not set the session_name or session_param.
'session_set_cookie_params(): Cannot change session cookie parameters when session is active' in '\library\Aura\Session\Phpfunc.php' line 33
I think the session_set_cookie_params have to be called bevor creating the instance?
I have seen, that the project is not updated since 2 years. Is there another library uptodate?
with regards
Andy
Hi Paul,
In v2 I have not used commit but the session is still available. Does that mean we need to modify the docs https://github.com/auraphp/Aura.Session#saving-clearing-and-destroying-sessions
Segment.php
Perhaps, I asked the wrong question. But when I set some data with setFlash
on a request which, supposedly, meant to be utilised in the next request (only), I receive a NULL
on getFlash
call - which shouldn't be the case.
Is it only meant to be utilised in the similar request?
PS: Please check my pull request regarding the same. I'm using this library with Slim - microframework for PHP
Thank you
Hi,
I am using Aura and i have a many questions :
1- Can i set the entriopy of cookie value ?
2 - Can i set the method of hashing value?
3- Can i get a instance of session to check if exists?
4- When i get the csrf token, it generates a new token and new session but it doesn't have a first token generated
This is what I do. Am I using Aura wrong? The lifetime doesn't seem to go beyond 1hr, no matter what I do. It feels like I'm using it wrong, based on this lifetime issue that I'm having. Though, I did follow the documentation to the best of my knowledge.
Initiate session when needed:
public function session() {
if (!isset($this->_session)) {
$session_factory = new SessionFactory;
$this->_session = $session_factory->newInstance($_COOKIE);
$this->_session->resume();
}
return $this->_session;
}
Trying to set a session w/ lifetime in the login action:
if (login($email, $password) {
$this->session()->setCookieParams(array(
'lifetime' => (
// for instance, two days.
60*60*24*2
),
'path' => '/',
));
$segment = $this->session()->getSegment('MyProject');
$segment->set('identity', '…');
// don't know if this is necessary.
$this->session()->commit();
// redirect …
}
Load stored value from session on next page request:
// load user from session, if any.
$segment = $this->session()->getSegment('MyProject');
$user_id = $segment->get('identity');
The identity value is stored, but it gets automatically cleared after (I think) one hour – neither after two days, nor upon restarting the browser.
If I dump the session.cookie_lifetime
value at various places, I can see that it is indeed set right before the redirect, but then 0
again on the next page request. I'm not really sure if all the other session variables are set properly … I'm not very familiar with session management.
session.auto_start Off
session.cache_expire 180
session.cache_limiter nocache
session.cookie_domain no value
session.cookie_httponly no value
session.cookie_lifetime 0
session.cookie_path /
session.cookie_secure 0
session.gc_divisor 1000
session.gc_maxlifetime 1440
session.gc_probability 0
session.lazy_write On
session.name PHPSESSID
session.referer_check no value
session.save_handler files
session.save_path /var/lib/php/sessions
session.serialize_handler php
session.sid_length 26
session.upload_progress.cleanup On
session.upload_progress.enabled On
session.sid_bits_per_character 5
session.upload_progress.freq 1%
session.upload_progress.min_freq 1
session.upload_progress.name PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix upload_progress_
session.use_cookies 1
session.use_only_cookies 1
session.use_strict_mode 0
session.use_trans_sid 0
Can someone please teach me how to use Aura correctly?
Hi all,
I forgot we have an issue auraphp/Aura.Auth#86 .
Looking at Auth, I noticed it is already being released 4.x .
My bad, I didn't noticed it. But probably for session we can separate the interface to a different repo.
I can get the flash messages working fine on plain PHP pages but when I try to use it in an MVC style setup, it doesn't work anymore. The set()
and get()
Session methods work fine though.
I thought maybe my MVC layout is the problem but I tried other flash message packages such as slim/flash
and it works fine.
Anybody else having issues with flash messages?
Btw, the README doc doesn't seem to be updated, it says:
We can do so on a per-segment basis by calling the Segment keepFlash() method, or we can keep all flashes for all segments by calling the Session
keepFlash()
method.
But there's seem to be no keepFlash()
method in the Session object
It looks like you've been refactoring for PHP 5.3 compatibility?
If so, please note that session_set_save_handler does not support SessionHandlerInterface before 5.4.
Like the title says, when the CsrfToken constructor is checking for an existing csrf token value, it's written as if Segment defines a __get method, but Segment has a regular get() method instead.
As a result, every time $session->getCsrfToken() is called, the token fails to find it's previous value from the session, and generates a new one...so no value can ever pass a $token->isValid() check.
Hi.
Can you anyone explain why my cookie parameters are being reset whenever I do a redirect or navigate to a new page? Apologies if I am doing something wrong here. So I start with the following:
index.php
require_once("autoload.php");
$session_factory = new \Aura\Session\SessionFactory;
$session = $session_factory->newInstance($_COOKIE);
$session->setCookieParams(array('lifetime' => '10','httponly' => true));
$segment = $session->getSegment('Vendor\Package\ClassName');
$segment->set('username', 'new person');
$segment->set('usertype', 'enduser');
header('Location: welcome.php');
exit(0);
When I var_dump $session on index.php I get the following for the cookie params:
...
["cookie_params":protected]=>
array(5) {
["lifetime"]=>
string(2) "10"
["path"]=>
string(1) "/"
["domain"]=>
string(0) ""
["secure"]=>
bool(false)
["httponly"]=>
bool(true)
}
...
welcome.php
require_once("autoload.php");
$session_factory = new \Aura\Session\SessionFactory;
$session = $session_factory->newInstance($_COOKIE);
$segment = $session->getSegment('Vendor\Package\ClassName');
When I var_dump $session on welcome.php I get the following for the cookie params:
....
["cookie_params":protected]=>
array(5) {
["lifetime"]=>
int(0)
["path"]=>
string(1) "/"
["domain"]=>
string(0) ""
["secure"]=>
bool(false)
["httponly"]=>
bool(false)
}
....
Any insight on this?
Thanks
Is there the possibility we could get a getOnce
function as we've dealt with a few applications that we want to use setFlash
for - but sometimes there are redirects going on, which mean the flash is lost.
What we find ourselves doing is
$previousConfiguration = Su::$session->get('previousConfiguration', false);
if( $previousConfiguration ){
Su::$session->set('previousConfiguration', false);
}
What would be great is if this functionality could be added by default, e.g
$session->getOnce('previousConfiguration', false);`
Which then unsets the value after its been used?
Many thanks for your time and effort in the project :)
Hi Paul,
I am wondering what will be the best way to encrypt the data of cookies. Do you have any idea ?
I know a few frameworks ( Slim ) that do encryption with mcrypt .
Hi Paul,
I feel session should have the remember me functionality than the Auth.
It seems to me the functionality of session to save the cookie.
What do you think ?
Flash messages can be of type info
, error
etc.
I haven't looked into the code to see how to make it. Just for a future remembrance .
Hi @pmjones ,
FYI there was a question from @brandonsavage in irc
I'm having some issues with the session handler.
15:39 brandonsavage It doesn't actually seem to save things.
15:42 brandonsavage harikt: Any thoughts?
15:46 harikt brandonsavage, are you doing commit ? else it will not save https://github.com/auraphp/Aura.Session#session-security
15:46 brandonsavage harikt: Yep, doing the commit.
15:46 harikt hm, no idea.
15:47 harikt Do you have somecode so I can try ?
15:48 brandonsavage harikt: Oh, I see my problem.
15:48 brandonsavage I saved an object to the session
15:48 brandonsavage And you can't do that.
15:49 brandonsavage I was hoping that Aura.Session would be smart enough to iterate, and serialize arrays/objects.
Hi Paul,
I was recalling a message to the groups, flash messages will be removed on next load even if it is displayed or not .
That gives me a feeling of we probably don't need to call to get the segment to set the flash message.
I have added to packagist .
Please add the hook :) .
Thanks
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.