Getting started
Routing and controllers
Command line
Databases (SQL)
Databases (NoSQL)
Security
Packages
Learn more
- Array helper
- Caching
- Collections
- Command bus
- Date and time
- Events
- File system
- HTML helper
- Humanizer
- Image manipulation
- Internationalization
- Logging
- Number helper
- Pagination
- Retry helper
- Sessions
- String helper
- URL builder
- UUID helper
- Validation
- Views
Official packages
Sessions
The Mako session library comes with four different session stores by default.
- Database
- File
- Null
- Redis
Usage
Data
Adding an item to the session is done using the put method.
$this->session->put('name', $name);
The
mako.flashdataandmako.tokenskeys are used by the framework and should not be used to store data.
You can check if an item exists in the session using the has method.
$this->session->has('name');
Getting an item from the session is done using the get method.
$this->session->get('name');
You can also tell the method to return a custom value if the key you're looking for doesn't exist. The default return value for non-existing items is null.
$this->session->get('name', 'John Doe');
You can also get data from the session and replace it using the getAndPut method.
$this->session->getAndPut('name', $name);
It is also possible to retrieve and remove data with a single method call using the getAndRemove method.
$this->session->getAndRemove('name');
If you want to return custom value if the key you're looking for doesn't exist then you can set it using the optional second parameter. The default return value for non-existing items is null.
$this->session->getAndRemove('name', 'John Doe');
Removing data from the session is done using the remove method.
$this->session->remove('name');
If you want to clear all session data then you can use the clear method.
$this->session->clear();
Flash data
Sometimes you'll want to store temporary data that should expire after the next request (e.g., error and status messages). For this you can use the putFlash method.
$this->session->putFlash('success', 'The article has successfully been deleted!');
Retrieving flash data is done using the getFlash method.
$data = $this->session->getFlash('success');
You can also tell the method to return a custom value if the key you're looking for doesn't exist. The default return value for non-existing items is null.
$data = $this->session->getFlash('success', 'Some other message.');
You can check if a flash item exists in the session using the hasFlash method.
$this->session->hasFlash('success');
You can remove flash data using the removeFlash method. This is usually not needed as flash data expires after one request.
$this->session->removeFlash('success');
Sometimes you'll want to extend the lifetime of the flash data by one request. This can be done using the reflash method.
$this->session->reflash();
You can also choose to reflash only a set of keys if you don't want to reflash all the flash data.
$this->session->reflash(['success', 'error']);
Security
Token
The getToken returns a token that can be used in forms and AJAX requests to prevent CSRF.
$token = $this->session->getToken();
The validateToken method allows you to validate a token. It will return true if the token is valid and false if not. You can also validate tokens using the token rule of the validator library.
$valid = $this->session->validateToken($token);
The regenerateToken method lets you generates a new token.
$token = $this->session->regenerateToken();
Mako will automatically generate a new token upon a successful login and logout when using the Gatekeeper authentication library.
One time tokens
$token = $this->session->regenerateToken();
The generateOneTimeToken method allows you to generate a one time token that can be used in forms to prevent CSRF.
$token = $this->session->generateOneTimeToken();
The validateOneTimeToken method allows you to validate a one time token. It will return true if the token is valid and false if not. You can also validate tokens using the one_time_token rule of the validator library.
One time tokens that have been validated once are no longer considered valid so they are not well suited for use with AJAX requests.
$valid = $this->session->validateOneTimeToken($token);
Note that only the last 20 one time tokens that have been generated during a session are valid.
Session id
Retrieving the session id is done by using the getId method.
$id = $this->session->getId();
Regenerating the session id can be done by using the regenerateId method. A general rule of thumb is to regenerate the session id each time the access level of the user changes.
$this->session->regenerateId();
You can tell it to keep the data associated with the old session id
$this->session->regenerateId(true);
Mako will automatically regenerate the session id upon a successful login and logout when using the Gatekeeper authentication library.
Session destruction
To destroy a session use the destroy method.
$this->session->destroy();