Custom PHP session handler for Nette Framework that uses MySQL database for storage.
- nette/database 3.2+
- nette/di 3.2+
- PHP 8.2+
The preferred way to install spaze/mysql-session-handler is by using Composer:
$ composer require spaze/mysql-session-handlerAfter installation:
- Create a table named
sessionsusing SQL in sql/create.sql. The name of the table can be changed in the configuration using thetableNamekey, like this:
sessionHandler:
tableName: sessions_table- Register the extension in your configuration file (e.g.
config.neon):
extensions:
sessionHandler: Spaze\Session\DI\MysqlSessionHandlerExtension- For security reasons, the session id is stored in the database as an SHA-256 hash.
- Supports encrypted session storage via spaze/encryption which uses paragonie/halite which uses Sodium.
- Events that allow you, for example, to add additional columns to the session storage table.
- Multi-master replication-friendly (tested in master-master row-based replication setup).
Follow the guide at spaze/encryption to create and configure a new encryption key.
Define a new service:
sessionEncryption: \Spaze\Encryption\Symmetric\StaticKey('session', %encryption.keys%, %encryption.activeKeyIds%)
Add the new encryption service to the session handler:
sessionHandler:
encryptionService: @sessionEncryption
Migration from unencrypted to encrypted session storage is not (yet?) supported.
The event occurs before session data is written to the session table, both for a new session (when a new row is inserted) and for an existing session (when a row is updated), even if there is no change in the session data.
You can add a new column to the session table by calling setAdditionalData() in the event handler:
setAdditionalData(string $key, $value): void
Use it to store, for example, the user id the session belongs to. See for example this code which uses the Nette\Security\User::onLoggedIn handler to do that.
This is heavily based on MySQL Session handler by Pematon (Marián Černý & Peter Knut), thanks!