{"id":15068538,"url":"https://github.com/byjg/php-jwt-session","last_synced_at":"2025-04-03T01:13:01.396Z","repository":{"id":62498593,"uuid":"86188390","full_name":"byjg/php-jwt-session","owner":"byjg","description":"JwtSession is a PHP session replacement. Instead of use FileSystem, just use JWT TOKEN. The implementation follow the SessionHandlerInterface.","archived":false,"fork":false,"pushed_at":"2024-09-11T21:11:47.000Z","size":49,"stargazers_count":50,"open_issues_count":2,"forks_count":14,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-26T18:12:23.095Z","etag":null,"topics":["handler","jwt","jwt-token","jwtsession","php","php-sessions","php7","stateless","stateless-components"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/byjg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-25T21:03:09.000Z","updated_at":"2024-12-04T15:22:54.000Z","dependencies_parsed_at":"2024-03-04T11:16:43.251Z","dependency_job_id":"bb0c59c5-f080-4e89-8732-55ef1108a4db","html_url":"https://github.com/byjg/php-jwt-session","commit_stats":null,"previous_names":["byjg/php-jwt-session","byjg/jwt-session"],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byjg%2Fphp-jwt-session","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byjg%2Fphp-jwt-session/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byjg%2Fphp-jwt-session/releases","manife
sts_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byjg%2Fphp-jwt-session/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/byjg","download_url":"https://codeload.github.com/byjg/php-jwt-session/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246916761,"owners_count":20854514,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["handler","jwt","jwt-token","jwtsession","php","php-sessions","php7","stateless","stateless-components"],"created_at":"2024-09-25T01:38:01.418Z","updated_at":"2025-04-03T01:13:01.376Z","avatar_url":"https://github.com/byjg.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# JwtSession\n\n[![Build Status](https://github.com/byjg/jwt-session/actions/workflows/phpunit.yml/badge.svg?branch=master)](https://github.com/byjg/jwt-session/actions/workflows/phpunit.yml) \n[![Opensource ByJG](https://img.shields.io/badge/opensource-byjg-success.svg)](http://opensource.byjg.com) \n[![GitHub source](https://img.shields.io/badge/Github-source-informational?logo=github)](https://github.com/byjg/jwt-session/) \n[![GitHub license](https://img.shields.io/github/license/byjg/jwt-session.svg)](https://opensource.byjg.com/opensource/licensing.html) \n[![GitHub release](https://img.shields.io/github/release/byjg/jwt-session.svg)](https://github.com/byjg/jwt-session/releases/)\n\nJwtSession is a PHP session replacement. Instead of use FileSystem, just use JWT TOKEN. 
\nThe implementation follows the SessionHandlerInterface.\n\n# How to use:\n\nBefore calling session_start(), use the following code: \n\n```php\n\u003c?php\n$sessionConfig = (new \\ByJG\\Session\\SessionConfig('your.domain.com'))\n    -\u003ewithSecret('your super base64url encoded secret key');\n\n$handler = new \\ByJG\\Session\\JwtSession($sessionConfig);\nsession_set_save_handler($handler, true);\n```\n\nNow all your `$_SESSION` variables will be saved directly to a JWT token.\n\n## Secret key\nMake sure that you are providing a base64url encoded key.\n \n# Motivation\n\nThe default PHP session does not work across different servers using round robin or other algorithms.\nThis occurs because PHP sessions are saved by default in the file system. \n\nThere are implementations that can save the session to REDIS or MEMCACHED, for example. \nBut this requires you to create a new server to store the session, and it creates a single point of failure. \nTo avoid this you have to create REDIS/MEMCACHED clusters. \n\nBut if you save the session into a JWT token you do not need to create a new server.\nJust use it. \n\nYou can read more in this Codementor article: \n[Using JSON Web Token (JWT) as a PHP Session](https://www.codementor.io/byjg/using-json-web-token-jwt-as-a-php-session-axeuqbg1m)\n\n# Security Information\n\nThe JWT token cannot be changed, but it can be read. \nThis implementation saves the JWT in a client cookie.  
\nBecause of this, _**do not** store sensitive data such as passwords in the JWT token_.\n \n# Install\n\n```\ncomposer require \"byjg/jwt-session\"\n```\n\n \n# Setting the validity of the JWT Token\n\n```php\n\u003c?php\n$sessionConfig = (new \\ByJG\\Session\\SessionConfig('your.domain.com'))\n    -\u003ewithSecret('your super base64url encoded secret key')\n    -\u003ewithTimeoutMinutes(60);   // You can use withTimeoutHours(1)\n\n$handler = new \\ByJG\\Session\\JwtSession($sessionConfig);\nsession_set_save_handler($handler, true);\n```\n\n# Setting different Session Contexts\n\n```php\n\u003c?php\n$sessionConfig = (new \\ByJG\\Session\\SessionConfig('your.domain.com'))\n    -\u003ewithSecret('your super base64url encoded secret key')\n    -\u003ewithSessionContext('MYCONTEXT');\n\n$handler = new \\ByJG\\Session\\JwtSession($sessionConfig);\nsession_set_save_handler($handler, true);\n```\n\n# Create the handler and replace the session handler\n\n```php\n\u003c?php\n$sessionConfig = (new \\ByJG\\Session\\SessionConfig('your.domain.com'))\n    -\u003ewithSecret('your super base64url encoded secret key')\n    -\u003ereplaceSessionHandler();\n\n$handler = new \\ByJG\\Session\\JwtSession($sessionConfig);\n```\n\n# Specify cookie domain \n\n```php\n\u003c?php\n$sessionConfig = (new \\ByJG\\Session\\SessionConfig('your.domain.com'))\n    -\u003ewithSecret('your super base64url encoded secret key')\n    -\u003ewithCookie('.mydomain.com', '/')\n    -\u003ereplaceSessionHandler();\n\n$handler = new \\ByJG\\Session\\JwtSession($sessionConfig);\n```\n\n# Using RSA Private/Public Keys\n\n```php\n\u003c?php\n        $secret = \u003c\u003c\u003cPRIVATE\n-----BEGIN RSA PRIVATE 
KEY-----\nMIIEpQIBAAKCAQEA5PMdWRa+rUJmg6QMNAPIXa+BJVN7W0vxPN3WTK/OIv5gxgmj\n2inHGGc6f90TW/to948LnqGtcD3CD9KsI55MubafwBYjcds1o9opZ0vYwwdIV80c\nOVZX1IUZFTbnyyKcXeFmKt49A52haCiy4iNxcRK38tOCApjZySx/NzMDeaXuWe+1\nnd3pbgYa/I8MkECa5EyabhZJPJo9fGoSZIklNnyq4TfAUSwl+KN/zjj3CXad1oDT\n7XDDgMJDUu/Vxs7h3CQI9zILSYcL9zwttbLnJW1WcLlAAIaAfABtSZboznsStMnY\nto01wVknXKyERFs7FLHYqKQANIvRhFTptsehowIDAQABAoIBAEkJkaQ5EE0fcKqw\nK8BwMHxKn81zi1e9q1C6iEHgl8csFV03+BCB4WTUkaH2udVPJ9ZJyPArLbQvz3fS\nwl1+g4V/UAksRtRslPkXgLvWQ2k8KoTwBv/3nn9Kkozk/h8chHuii0BDs30yzSn4\nSdDAc9EZopsRhFklv9xgmJjYalRk02OLck73G+d6MpDqX56o2UA/lf6i9MV19KWP\nHYip7CAN+i6k8gA0KPHwr76ehgQ6YHtSntkWS8RfVI8fLUB1UlT3HmLgUBNXMWkQ\nZZbvXtNOt6NtW/WIAHEYeE9jmFgrpW5jKJSLn5iGVPFZwJIZXRPyELEs9NHWkS6e\nGmdzxnECgYEA8+m05B/tmeZOuMrPVJV9g+aBDcuxmW+sdLRch+ccSmx4ZNQOLVoU\nklYgTZq/a1O4ENq0h2WgccNlRHdcH4sXMBvLalA/tFhZMUuA/KXWyZ1F0hBnjHVF\ncj1alHCqh+9qJDGdn4mxSmrp8p0rfeWgBwlFtJEJmjjDWDCtVY+JZcsCgYEA8EuV\nWF/ilgDjgC4jMCYNuO0oFGBbtNP17PuU3kh8W+joqK/nufZ3NLy1WrDIpqa9YPex\n328Nnjljf5GJWSdMchAp82waLzl7FaaBTY0iyFAK4J0jfC/fVLx82+wpM3utDnh8\n9x5iIboO5U7uEJ7k8X2p64GoprlKJSRmGAJ7eIkCgYEAw5IsXI3NMY0cqcbUHvoO\nPehgqfMdX+3O1XSYjM+eO35lulLdWzfTLtKn7BGcUi46dCkofzfZQd5uIEukLhaU\nbRqcK45UxgHg4kmsDufaJKZaCWjl3hVZrZPMQSFlWsF41bSCshzxbr3y/3lOGhA4\nE+w3W+S/Uk0ZNGkzUltYy6kCgYEA0gRNeBr9z7rhG4O3j3qC3dCxCfYZ0Na8hy5v\nM0PJJQ9QYTa04iyOjVItcyE1jaoHtLtoA+9syJBB7RoHIBufzcVg1Pbzf7jOYeLP\n+jbTYp3Kk/vjKsQwfj/rJM+oRu3eF9qo5dbxT6btI++zVGV7lbEOFN6Sx30EV6gT\nbwKkZXkCgYEAnEtN43xL8bRFybMc1ZJErjc0VocnoQxCHm7LuAtLOEUw6CwwFj9Q\nGOl+GViVuDHUNQvURLn+6gg4tAemYlob912xIPaU44+lZzTMHBOJBGMJKi8WogKi\nV5+cz9l31uuAgNfjL63jZPaAzKs8Zx6R3O5RuezympwijCIGWILbO2Q=\n-----END RSA PRIVATE KEY-----\nPRIVATE;\n\n        $public = \u003c\u003c\u003cPUBLIC\n-----BEGIN PUBLIC 
KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5PMdWRa+rUJmg6QMNAPI\nXa+BJVN7W0vxPN3WTK/OIv5gxgmj2inHGGc6f90TW/to948LnqGtcD3CD9KsI55M\nubafwBYjcds1o9opZ0vYwwdIV80cOVZX1IUZFTbnyyKcXeFmKt49A52haCiy4iNx\ncRK38tOCApjZySx/NzMDeaXuWe+1nd3pbgYa/I8MkECa5EyabhZJPJo9fGoSZIkl\nNnyq4TfAUSwl+KN/zjj3CXad1oDT7XDDgMJDUu/Vxs7h3CQI9zILSYcL9zwttbLn\nJW1WcLlAAIaAfABtSZboznsStMnYto01wVknXKyERFs7FLHYqKQANIvRhFTptseh\nowIDAQAB\n-----END PUBLIC KEY-----\nPUBLIC;\n\n$sessionConfig = (new \\ByJG\\Session\\SessionConfig('example.com'))\n    -\u003ewithRsaSecret($secret, $public)\n    -\u003ereplaceSessionHandler();\n\n$handler = new \\ByJG\\Session\\JwtSession($sessionConfig);\n```\n\nIf you want to know more details about how to create RSA Public/Private Keys access:\nhttps://github.com/byjg/jwt-wrapper \n\n\n# How it works\n\nWe store a cookie named `AUTH_BEARER_` followed by the context name with the session name. The PHPSESSID cookie is still created because\nPHP create it by default but we do not use it;\n\n\n## Dependencies\n\n```mermaid  \nflowchart TD  \n    byjg/jwt-session --\u003e byjg/jwt-wrapper  \n```\n\n----  \n[Open source ByJG](http://opensource.byjg.com)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbyjg%2Fphp-jwt-session","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbyjg%2Fphp-jwt-session","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbyjg%2Fphp-jwt-session/lists"}