Next in my GitHub Projects series, I'm going to cover the PHP-SecureSessions library.
What is this?
This library contains two classes which allow you to quickly and securely set up sessions for a web application. As its name implies, it's centred around sessions being very secure, having cookies which are signed with a visitor's IP address and user agent.
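How binding a signed cookie to the visitor's IP address and user agent can work, as an added example that is not the library's own code. The HMAC-SHA256 construction, the function names, the cookie layout and the key are assumptions made for illustration.

```php
<?php
// Added illustration; not code from PHP-SecureSessions. All names are hypothetical.

// Assumption: a server-side secret that never reaches the client.
const SIGNING_KEY = 'constructed-demo-key-replace-me';

/** Build "id.signature", binding the session id to the client's IP and user agent. */
function signSessionId(string $id, string $ip, string $userAgent): string
{
    // NUL-separated fields so values cannot run into each other ambiguously.
    $mac = hash_hmac('sha256', implode("\0", [$id, $ip, $userAgent]), SIGNING_KEY);
    return $id . '.' . $mac;
}

/** Return the session id if the cookie verifies for this client, otherwise null. */
function verifySessionCookie(string $cookie, string $ip, string $userAgent): ?string
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2 || !preg_match('/^[a-f0-9]{32}$/', $parts[0])) {
        return null; // malformed cookie: reject before doing any lookup
    }
    [$id, $mac] = $parts;
    $expected = hash_hmac('sha256', implode("\0", [$id, $ip, $userAgent]), SIGNING_KEY);
    // hash_equals compares in constant time, so the check leaks no timing signal.
    return hash_equals($expected, $mac) ? $id : null;
}

// Constructed sample values (documentation IP ranges, made-up user agent).
$id     = bin2hex(random_bytes(16));
$ua     = 'Mozilla/5.0 (constructed sample)';
$cookie = signSessionId($id, '203.0.113.7', $ua);

var_dump(verifySessionCookie($cookie, '203.0.113.7', $ua) === $id); // same client
var_dump(verifySessionCookie($cookie, '198.51.100.9', $ua));        // cookie replayed from another IP
var_dump(verifySessionCookie($cookie, '203.0.113.7', 'curl/8.0'));  // cookie replayed with another user agent
var_dump(verifySessionCookie($id . '.' . str_repeat('0', 64), '203.0.113.7', $ua)); // forged signature
```

Binding to the IP address also means a visitor whose address changes mid-session fails verification and has to start a new session.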
Why did I develop it?
As most of us do, I use sessions extensively when developing a more-than-basic web application or site. I wanted to have a library that I could really quickly drop in, whereby I don't have to worry about whether it's secure. To trust it.
The second class in this library, SMSession, is designed in the same ethos: to quickly be able to throw in Memcached-based sessions (important for load-balanced setups) without too much effort.
What's included?
This project includes two classes which can be instantiated:
SSession: Server-default based secure sessions
SMSession: Memcached-based secure sessions
Both classes contain a variety of public methods which should be viewed in the source itself.
How do I use it?
One of these two classes ought to be instantiated early on in the request process. I do so by having a common include which immediately opens an SMSession instance, defines the Memcached server(s), sets the session (cookie) name, host (based on the $_SERVER['HTTP_HOST'] variable), and adds the server(s) to the instance.
Then? I just call the open method on the instance. And we're in business. From here, you can use the standard $_SESSION variable to read and write from/to the session.
Why did I abstract it out?
Once again, I wanted this library to be used to solve one simple challenge:
To open and manage a session, securely.
Additionally, I separated the creation of a session from a Memcached-powered session in order to allow flexibility for developers who either don't have Memcached installed on their server, or don't have root access to do so.
Finally, I would eventually like to create an APC-powered session script, and this is very possible by having the SSession class as a parent, as there is no code in it that stipulates which engine should store a session's data.
PHP-Pagination is next.