Getting started
Routing and controllers
Command line
Databases (SQL)
Databases (NoSQL)
Security
Packages
Learn more
- Array helper
- Caching
- Command bus
- Date and time
- Events
- File system
- HTML helper
- Humanizer
- Image manipulation
- Internationalization
- Logging
- Number helper
- Pagination
- Sessions
- String helper
- URL builder
- UUID helper
- Validation
- Views
Official packages
Sessions
The Mako session library comes with four different session stores by default.
- Database
- File
- Null
- Redis
Usage
Data
Adding an item to the session is done using the put
method.
$this->session->put('name', $name);
The
mako.flashdata
andmako.tokens
keys are used by the framework and should not be used to store data.
You can check if an item exists in the session using the has
method.
$this->session->has('name');
Getting an item from the session is done using the get
method.
$this->session->get('name');
You can also tell the method to return a custom value if the key you're looking for doesn't exist. The default return value for non-existing items is NULL.
$this->session->get('name', 'John Doe');
You can also get data from the session and replace it using the getAndPut
method.
$this->session->getAndPut('name', $name);
It is also possible to retrieve and remove data with a single method call using the getAndRemove
method.
$this->session->getAndRemove('name');
If you want to return custom value if the key you're looking for doesn't exist then you can set it using the optional second parameter. The default return value for non-existing items is NULL.
$this->session->getAndRemove('name', 'John Doe');
Removing data from the session is done using the remove
method.
$this->session->remove('name');
If you want to clear all session data then you can use the clear
method.
$this->session->clear();
Flash data
Sometimes you'll want to store temporary data that should expire after the next request (e.g., error and status messages). For this you can use the putFlash
method.
$this->session->putFlash('success', 'The article has successfully been deleted!');
Retrieving flash data is done using the getFlash
method.
$data = $this->session->getFlash('success');
You can also tell the method to return a custom value if the key you're looking for doesn't exist. The default return value for non-existing items is NULL.
$data = $this->session->getFlash('success', 'Some other message.');
You can check if a flash item exists in the session using the hasFlash
method.
$this->session->hasFlash('success');
You can remove flash data using the removeFlash
method. This is usually not needed as flash data expires after one request.
$this->session->removeFlash('success');
Sometimes you'll want to extend the lifetime of the flash data by one request. This can be done using the reflash
method.
$this->session->reflash();
You can also choose to reflash only a set of keys if you don't want to reflash all the flash data.
$this->session->reflash(['success', 'error']);
Security
Token
The getToken
returns a token that can be used in forms and AJAX requests to prevent CSRF.
$token = $this->session->getToken();
The validateToken
method allows you to validate a token. It will return TRUE if the token is valid and FALSE if not. You can also validate tokens using the token
rule of the validator library.
$valid = $this->session->validateToken($token);
The regenerateToken
method lets you generates a new token.
$token = $this->session->regenerateToken();
Mako will automatically generate a new token upon a successful login and logout when using the Gatekeeper authentication library.
One time tokens
$token = $this->session->regenerateToken();
The generateOneTimeToken
method allows you to generate a one time token that can be used in forms to prevent CSRF.
$token = $this->session->generateOneTimeToken();
The validateOneTimeToken
method allows you to validate a one time token. It will return TRUE if the token is valid and FALSE if not. You can also validate tokens using the one_time_token
rule of the validator library.
One time tokens that have been validated once are no longer considered valid so they are not well suited for use with AJAX requests.
$valid = $this->session->validateOneTimeToken($token);
Note that only the last 20 one time tokens that have been generated during a session are valid.
Session id
Retrieving the session id is done by using the getId
method.
$id = $this->session->getId();
Regenerating the session id can be done by using the regenerateId
method. A general rule of thumb is to regenerate the session id each time the access level of the user changes.
$this->session->regenerateId();
You can tell it to keep the data associated with the old session id
$this->session->regenerateId(true);
Mako will automatically regenerate the session id upon a successful login and logout when using the Gatekeeper authentication library.
Session destruction
To destroy a session use the destroy
method.
$this->session->destroy();