{"id":20779224,"url":"https://github.com/bolt/session","last_synced_at":"2025-04-30T19:41:00.893Z","repository":{"id":56951125,"uuid":"97781787","full_name":"bolt/session","owner":"bolt","description":"PHP session storage for Symfony's HTTP layer","archived":false,"fork":false,"pushed_at":"2018-02-25T09:53:13.000Z","size":195,"stargazers_count":8,"open_issues_count":0,"forks_count":2,"subscribers_count":14,"default_branch":"1.1","last_synced_at":"2025-04-22T13:49:34.466Z","etag":null,"topics":["bolt","php","session-handler","session-store","sessions"],"latest_commit_sha":null,"homepage":"https://bolt.cm","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bolt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-07-20T02:30:46.000Z","updated_at":"2019-12-31T19:52:27.000Z","dependencies_parsed_at":"2022-08-21T09:20:27.931Z","dependency_job_id":null,"html_url":"https://github.com/bolt/session","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bolt%2Fsession","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bolt%2Fsession/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bolt%2Fsession/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bolt%2Fsession/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bolt","download_url":"https://codeload.github.com/bolt/session/tar.gz/refs/heads/1.1","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":2517
70930,"owners_count":21641176,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bolt","php","session-handler","session-store","sessions"],"created_at":"2024-11-17T13:26:40.314Z","updated_at":"2025-04-30T19:41:00.871Z","avatar_url":"https://github.com/bolt.png","language":"PHP","readme":"Bolt Session\n============\n\nPHP session handler built on Symfony components and supporting Silex v1 \u0026 v2.\n\nSupports session storage with:\n\n - Doctrine cache\n - Symfony Filesystem\n - Bolt Filesystem\n - Memcache\n - Memcached\n - PSR-6 Cache\n - PSR-16 Simple Cache\n - Redis\n\n\nService Providers\n-----------------\n\n### Silex 1\n\n```php\nuse Bolt\\Session\\Bridge\\Silex1\\SessionServiceProvider;\nuse Silex\\Application;\n\n\n$app = new Application();\n$app-\u003eregister(new SessionServiceProvider());\n```\n\n\n### Silex 2\n\n```php\nuse Bolt\\Session\\Bridge\\Silex2\\SessionServiceProvider;\nuse Silex\\Application;\n\n$app = new Application();\n$app-\u003eregister(new SessionServiceProvider());\n```\n\n\nBrowser cookies\n---------------\n\nBy default, Bolt will inherit the settings `cookies_lifetime`, `cookies_domain`,\nand `enforce_ssl` (for `cookie_secure`) should no override options be set, as\nper the order of precedence explained in the introduction.\n\nHowever, there are several override settings available, should you need more\nfine-grained control.\n\n### Life time\n\nTime in seconds, that a cookie will be valid for. 
Setting this value to 0 means\n\"until the browser is closed\".\n\n| Key               | Default |              |\n| ----------------- | ------- | ------------ |\n| `cookie_lifetime` | 1209600 | Integer \u003e= 0 |\n\nIn `.php.ini` this setting is [`session.cookie_lifetime`][php-cookie-lifetime].\n\n\n### Base URI path\n\nSpecifies URI path to set in the session cookie.\n\n| Key           | Default |              |\n| ------------- | ------- | ------------ |\n| `cookie_path` |     `/` | URI string   |\n\nIn `.php.ini` this setting is [`session.cookie_path`][php-cookie-path].\n\n\n### Override domain name\n\nSpecifies the domain to set in the session cookie. Default is null, meaning the\nhost name of the server which generated the cookie.\n\n| Key             | Default                   |                               |\n| --------------- | ------------------------- | ----------------------------- |\n| `cookie_domain` | HTTP(S) request host name | A fully qualified domain name |\n\nIn `.php.ini` this setting is [`session.cookie_domain`][php-cookie-domain].\n\n\n### Enforce HTTPS requests\n\nSetting this to `true` will enforce a HTTPS connection requirement to set, and\nuse, the session cookie.\n\n\n| Key             | Default |                       |\n| --------------- | ------- | --------------------- |\n| `cookie_secure` | `false` | Boolean on/off toggle |\n\nIn `.php.ini` this setting is [`session.cookie_secure`][php-cookie-cookie-secure].\n\n\n### Restricting request to the HTTP protocol\n\nMarks the cookie as accessible only through the HTTP _protocol_, blocking\naccess to requests by things such as JavaScript.\n\nThis setting can effectively help to reduce identity theft through XSS attacks,\nalthough browser support may vary.\n\n| Key               | Default |                       |\n| ----------------- | ------- | --------------------- |\n| `cookie_httponly` | `true`  | Boolean on/off toggle |\n\nSetting in your `config.yml`:\n\nIn `.php.ini` this setting 
is [`session.cookie_httponly`][php-cookie-httponly].\n\n\nSession ID generation\n---------------------\n\nSession IDs are randomly generated to uniquely identify a user's session. Bolt\ninternally handles this generation in a fashion close to how PHP 7.1+ now does\nto better ensure the uniqueness of the generated ID.\n\nBy default, both PHP \u0026 Bolt use an ID length of 32, which should provide only\na small chance of collisions, or predictability, of the generated ID.\n\nOn hosts with a consistent amount of available CPU resources, and a focus on\nsecurity, you should consider a number of 48 or greater. However, this will\nincrease the server load, and amount of time taken to generate session IDs.\n\nAn example of generating 1,000 session IDs on PHP 7.0 and an Intel i5-5200:\n\n| ID length | milliseconds |\n| ----------| ------------ |\n|        32 |     0.002059 |\n|        48 |     0.002560 |\n|        64 |     0.003031 |\n|       128 |     0.003016 |\n|       256 |     0.004132 |\n\n\nMaximum value supported is 256.\n\n| Key          | Default |                          |\n| -------------| ------- | ------------------------ |\n| `sid_length` |      32 | Integer between 32 \u0026 256 |\n\nIn PHP 7.1+, the `.php.ini` setting is [`session.sid_length`][php-sid-length].\n\n\nSession storage handler\n-----------------------\n\nSession storage handling, by default, is our filesystem layer. 
However, we also\nsupport Redis \u0026 Memcached for more advanced use-cases.\n\n| Key            | Default      |                                    |\n| ---------------| ------------ | ---------------------------------- |\n| `save_handler` | `filesystem` | `filesystem`, `redis`, `memcached` |\n\nSetting in your `config.yml`:\n\nIn `.php.ini` this setting is [`session.save_handler`][php-save-handler].\n\n**Note:** Some web hosting providers may implement alternative session handling\nthat is not compatible with Bolt Session.\n\nShould you encounter exceptions from `SessionServiceProvider` indicating\nproblems with PHP's system save path, set `save_handler: filesystem`,\nand the `save_path` option shown below.\n\n\n### Using the Redis handler\n\nWhen using Redis as the handler, the following options are also under the\n`connections` subkey, of the session options:\n\n| Key          | Default     |                                                   |\n| ------------ | ----------- | ------------------------------------------------- |\n| `host`       | `localhost` | Host name or I.P. address of Redis server         |\n| `port`       |        6379 | TCP port of Redis server                          |\n| `timeout`    |         0.0 | A float value in seconds (0.0 means unlimited)    |\n| `persistent` |      `null` | Boolean to toggle persistent connections          |\n| `password`   |      `null` | (optional) Authenticate the connection using a password. 
**Warning:** The password is sent in plain-text over the network.\n| `prefix`     |      `null` | (optional) Prefix string used on all keys         |\n| `database`   |      `null` | Integer of the database index to connect to       |\n\nIf the native `\\Redis` library is available, it will be used as the handler for\nRedis, if not available, it will instead check for the PHP implementation of\nthe native library, `\\Predis\\Client` and use that.\n\n\n### Using the Memcached handler\n\nWhen using Memcached as the handler, the following options are also under the\n`connections` subkey, of the session options:\n\n| Key          | Default     |                                                       |\n| ------------ | ----------- | ----------------------------------------------------- |\n| `host`       | `localhost` | String host name or I.P. address of Memcached server  |\n| `port`       |       11211 | TCP port of Memcached server                          |\n| `weight`     |           0 | (optional) The weight of the server relative to the total weight of all the servers in the pool. This controls the probability of the server being selected for operations.\n| `expiretime` |       86400 | (optional) Life time in seconds of stored keys        |\n| `prefix`     |      `sf2s` | (optional) Prefix string used on all keys             |\n\n\nSaved session file path\n-----------------------\n\nSession data is cached in between requests, and **is not** cleared by the\nnormal cache clearing functionality.\n\nInstead, it uses garbage collection to manage deletion of expired sessions. 
See\nthe section below on garbage collection for details on configuration.\n\n| Key         | Default             |                                   |\n| ------------| ------------------- | --------------------------------- |\n| `save_path` | `cache://.sessions` | Path passed to the `save_handler` |\n\n**Note:** Manually deleting session data on a live server is **never advised**.\nShould this ever be required on a live server, ensure all users are logged off,\nand place the site into maintenance mode first.\n\nIn `.php.ini` this setting is [`session.save_path`][php-save-path].\n\n### Using the Filesystem handler\n\nWhen using the default filesystem handler, the `save_path` parameter needs to\nbe in the form of `{mount point}://{path}`.\n\nSee the [Overview of Bolt's Filesystem][bolt-filesystem] page for details on\nthe mount points available in Bolt.\n\n**Warning:** If you set this to a world-readable directory, such as `/tmp`,\nother users on the server may be able to hijack sessions, or extract\npotentially sensitive data.\n\n\n### Using the Redis handler\n\nWhen using Redis as the handler, `save_path` should be defined in the format\n`tcp://IPADDRESS:PORT`, with a default of `tcp://127.0.0.1:6379`.\n\n\n### Using the Memcached handler\n\nWhen using Memcached as the handler, `save_path` should be defined in the\nformat `IPADDRESS:PORT`, with a default of `127.0.0.1:11211`.\n\n\nGarbage collection\n------------------\n\nSession garbage collection is the removal of sessions older than the configured\nmaximum life time.\n\nThe need to perform garbage collection is determined based on a random probability\ncalculation during the initialisation of each session.\n\n\n### Maximum life time\n\nThe maximum life time setting specifies the number of seconds after which\nsession data will be seen as 'garbage' and potentially cleaned up.\n\n| Key              | Default |                    |\n| ---------------- | --------| ------------------ |\n| `gc_maxlifetime` | 1209600 
| Integer of seconds |\n\nIn `.php.ini` this setting is [`session.gc_maxlifetime`][php-gc-maxlifetime].\n\n\n### Probability \u0026 divisor\n\nThe setting `gc_divisor` coupled with `gc_probability` define the probability that\nthe garbage collection (GC) process is performed.\n\nIn Bolt's session storage handler, the probability is calculated by generating\na random number between 0 and `gc_divisor`. If the value of `gc_probability` is\ngreater than the random number, garbage collection will be performed, and\nsession files older than the maximum configured life time are removed.\n\n**Note:** To disable garbage collection, set `gc_probability` to `-1`.\n\n| Key              | Default |             |\n| ---------------- | --------| ----------- |\n| `gc_probability` |       1 | Integer     |\n| `gc_divisor`     |    1000 | Integer     |\n\nIn `.php.ini` these settings are:\n  - [`session.gc_probability`][php-gc-probability]\n  - [`session.gc_divisor`][php-gc-divisor]\n\n---\n\n[bolt-filesystem]: https://docs.bolt.cm/extensions/filesystem/introduction\n[php-cookie-lifetime]: http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime\n[php-cookie-path]: http://php.net/manual/en/session.configuration.php#ini.session.cookie-path\n[php-cookie-domain]: http://php.net/manual/en/session.configuration.php#ini.session.cookie-domain\n[php-cookie-cookie-secure]: http://php.net/manual/en/session.configuration.php#ini.session.cookie-secure\n[php-cookie-httponly]: http://php.net/manual/en/session.configuration.php#ini.session.cookie-httponly\n[php-sid-length]: http://php.net/manual/en/session.configuration.php#ini.session.sid-length\n[php-save-handler]: http://php.net/manual/en/session.configuration.php#ini.session.save-handler\n[php-save-path]: http://php.net/manual/en/session.configuration.php#ini.session.save-path\n[php-gc-maxlifetime]: http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime\n[php-gc-probability]: 
http://php.net/manual/en/session.configuration.php#ini.session.gc-probability\n[php-gc-divisor]: http://php.net/manual/en/session.configuration.php#ini.session.gc-divisor\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbolt%2Fsession","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbolt%2Fsession","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbolt%2Fsession/lists"}