Custom PHP session handler for Nette Framework that uses MySQL database for storage.
- nette/database 3.1+
- nette/di 3.0+
- nette/utils 3.2+
- PHP 8.1+
Requirements for previous versions
Requirements for 2.2
- nette/database 3.1+
- nette/di 3.0+
- nette/utils 3.2+
- PHP 7.4+
Requirements for 2.1 (not supported anymore)
- nette/database 2.4+
- nette/di 2.4+
- nette/utils 2.4+
- PHP 7.2+
Preferred way to install spaze/mysql-session-handler is by using Composer:
$ composer require spaze/mysql-session-handler
After installation:
-
Create the table sessions using SQL in sql/create.sql.
-
Register an extension in config.neon:
extensions:
sessionHandler: Spaze\Session\DI\MysqlSessionHandlerExtension
- For security reasons, Session ID is stored in the database as an SHA-256 hash.
- Supports encrypted session storage via spaze/encryption which uses paragonie/halite which uses Sodium.
- Events that allow you to add additional columns to the session storage table for example.
- Multi-Master Replication friendly (tested in Master-Master row-based replication setup).
Follow the guide at spaze/encryption to define a new encryption key.
Define a new service:
sessionEncryption: \Spaze\Encryption\Symmetric\StaticKey('session', %encryption.keys%, %encryption.activeKeyIds%)
Add the new encryption service to the session handler:
sessionHandler:
encryptionService: @sessionEncryption
Migration from unecrypted to encrypted session storage is not (yet?) supported.
The event occurs before session data is written to the session table, both for a new session (when a new row is inserted) or an existing session (a row us updated). The event is not triggered when just the session timestamp is updated without any change in the session data.
You can add a new column by calling setAdditionalData()
in the event handler:
setAdditionalData(string $key, $value): void
Use it to store for example user id to which the session belongs to.
This is heavily based on MySQL Session handler by Pematon (Marián Černý & Peter Knut), thanks!