UserSession uses JwtTrait

Represents all information about a user's session.

A user session can be bound to a frontend / backend user, or an anonymous session based on session data stored in the session backend.

If a session is anonymous, it can be fixated by storing the session in the backend, but only if there is data in the session.

if a session is user-bound, it is automatically fixated.

The $isNew flag is meant to show that this user session object was not fetched from the session backend, but initialized in the first place by the current request.

The $data argument stores arbitrary data valid for the user's session.

A permanent session is not issued by a session-based cookie but a time-based cookie. The session might be persisted in the user's browser.

Table of Contents

Constants

SESSION_UPDATE_GRACE_PERIOD  = 61

Properties

$data  : array<string|int, mixed>
$identifier  : string
$ipLock  : string
$isNew  : bool
$isPermanent  : bool
$lastUpdated  : int
$userId  : int|null
$wasUpdated  : bool

Methods

createFromRecord()  : self
Creates a new user session based on the provided session record
createNonFixated()  : self
Creates a non fixated user session. This means the session does not belong to a logged-in user
dataWasUpdated()  : bool
Checks whether the session data has been updated
get()  : mixed
Returns the session data for the given `$key` or `NULL` if the key does not exist. It is internally used if calling `AbstractUserAuthentication->getSessionData()`
getData()  : array<string|int, mixed>
getIdentifier()  : string
getIpLock()  : string
getJwt()  : string
Gets session ID wrapped in JWT to be used for emitting a new cookie.
getLastUpdated()  : int
getUserId()  : int|null
hasData()  : bool
Checks whether the session has data assigned
isAnonymous()  : bool
Checks if the user session is an anonymous one. This means, the session does not belong to a logged-in user
isNew()  : bool
Checks whether the session is marked as new
isPermanent()  : bool
Checks whether the session was marked as permanent
needsUpdate()  : bool
Checks whether the session has to be updated
overrideData()  : void
Overrides the whole data array. Can also be used to unset the array.
resolveIdentifierFromJwt()  : non-empty-string|null
Verifies and resolves the session ID from a submitted cookie value: `Cookie: <JWT(HS256, [identifier => <session-id>], <signature(encryption-key, cookie-domain)>)>`
set()  : void
Sets or updates session data value for a given `$key`. It is also internally used if calling `AbstractUserAuthentication->setSessionData()`
toArray()  : array<string|int, mixed>
__construct()  : mixed

Constants

SESSION_UPDATE_GRACE_PERIOD

protected mixed SESSION_UPDATE_GRACE_PERIOD = 61

Properties

$data

protected array<string|int, mixed> $data

$isPermanent

protected bool $isPermanent = false

$wasUpdated

protected bool $wasUpdated = false

Methods

createFromRecord()

Creates a new user session based on the provided session record

public static createFromRecord(string $id, array<string|int, mixed> $record[, bool $markAsNew = false ]) : self
Parameters
$id : string

the session identifier

$record : array<string|int, mixed>
$markAsNew : bool = false
Return values
self

createNonFixated()

Creates a non fixated user session. This means the session does not belong to a logged-in user

public static createNonFixated(string $identifier) : self
Parameters
$identifier : string
Return values
self

dataWasUpdated()

Checks whether the session data has been updated

public dataWasUpdated() : bool
Return values
bool

get()

Returns the session data for the given `$key` or `NULL` if the key does not exist. It is internally used if calling `AbstractUserAuthentication->getSessionData()`

public get(string $key) : mixed
Parameters
$key : string

getData()

public getData() : array<string|int, mixed>
Return values
array<string|int, mixed>

the whole data array.

getIdentifier()

public getIdentifier() : string
Return values
string

the session ID. This is the ses_id respectively the AbstractUserAuthentication->id

getIpLock()

public getIpLock() : string
Return values
string

the ipLock state of the session

getJwt()

Gets session ID wrapped in JWT to be used for emitting a new cookie.

public getJwt([CookieScope|null $scope = null ]) : string

Cookie: <JWT(HS256, [identifier => <session-id>], <signature(encryption-key, cookie-domain)>)>

Parameters
$scope : CookieScope|null = null
Return values
string

the session ID wrapped in JWT to be used for emitting a new cookie

getLastUpdated()

public getLastUpdated() : int
Return values
int

the timestamp of the last session data update. This is the ses_tstamp.

getUserId()

public getUserId() : int|null
Return values
int|null

the user ID the session belongs to. Can also return 0 or NULL Which indicates an anonymous session. This is the ses_userid.

hasData()

Checks whether the session has data assigned

public hasData() : bool
Return values
bool

isAnonymous()

Checks if the user session is an anonymous one. This means, the session does not belong to a logged-in user

public isAnonymous() : bool
Return values
bool

isNew()

Checks whether the session is marked as new

public isNew() : bool
Return values
bool

isPermanent()

Checks whether the session was marked as permanent

public isPermanent() : bool
Return values
bool

needsUpdate()

Checks whether the session has to be updated

public needsUpdate() : bool
Return values
bool

overrideData()

Overrides the whole data array. Can also be used to unset the array.

public overrideData(array<string|int, mixed> $data) : void

This also sets the $wasUpdated pointer to true

Parameters
$data : array<string|int, mixed>

resolveIdentifierFromJwt()

Verifies and resolves the session ID from a submitted cookie value: `Cookie: <JWT(HS256, [identifier => <session-id>], <signature(encryption-key, cookie-domain)>)>`

public static resolveIdentifierFromJwt(string $cookieValue, CookieScope $scope) : non-empty-string|null
Parameters
$cookieValue : string

submitted cookie value

$scope : CookieScope
Tags
throws
Exception
see
getJwt()
Return values
non-empty-string|null

session ID, null in case verification failed

set()

Sets or updates session data value for a given `$key`. It is also internally used if calling `AbstractUserAuthentication->setSessionData()`

public set(string $key, mixed $value) : void
Parameters
$key : string

The key whose value should be updated

$value : mixed

The value or NULL to unset the key

toArray()

public toArray() : array<string|int, mixed>
Internal

Used internally to store data in the backend

Return values
array<string|int, mixed>

The session record as array

__construct()

protected __construct(string $identifier, int $userId, int $lastUpdated[, array<string|int, mixed> $data = [] ]) : mixed
Parameters
$identifier : string
$userId : int
$lastUpdated : int
$data : array<string|int, mixed> = [] 

        

        
    




    

    

                            

            

                            
    

        On this page

        
    


            

                    

        

    

        

            
Search results