2017 © Pedro Peláez
 

silverstripe-vendormodule hybridsessions

Cookie/DB session support for SilverStripe

image

silverstripe/hybridsessions

Cookie/DB session support for SilverStripe

  • Monday, June 18, 2018
  • by tractorcow
  • Repository
  • 12 Watchers
  • 9 Stars
  • 58,901 Installations
  • PHP
  • 2 Dependents
  • 0 Suggesters
  • 15 Forks
  • 3 Open issues
  • 15 Versions
  • 10 % Grown

The README.md

Hybrid Sessions

Build Status Scrutinizer Code Quality codecov SilverStripe supported module, (*1)

Introduction

Adds a session handler that tries storing the session in an encrypted cookie when possible, and if not ( because the session is too large, or headers have already been set) stores it in the database., (*2)

This allows using SilverStripe on multiple servers without sticky sessions (as long as you solve other multi-server issues like asset storage and databases)., (*3)

Requirements

  • MySQL database is the only supported DB store.

Installation

  • Install with composer using composer require silverstripe/hybridsessions:*
  • /dev/build?flush=all to setup the necessary tables
  • In order to initiate the session handler is is necessary to add a snippet of code to your _config.php, along with a private key used to encrypt user cookies.

in mysite/_config.php, (*4)

// Ensure that you define a sufficiently indeterminable value for SS_SESSION_KEY in your `.env`
use SilverStripe\HybridSessions\HybridSession;

HybridSession::init(SS_SESSION_KEY);

Security

As long as the key is unguessable and secret, generally this should be as secure as server-side-only cookies. The one exception is that cookie sessions are vulnerable to replay attacks. This is only a problem if you're storing stuff you shouldn't in the session anyway, but it's important you understand the issue. Ruby on rails has good documentation of the issue at http://guides.rubyonrails.org/security.html#replay-attacks-for-cookiestore-sessions, (*5)

Crypto handlers

This module ships with two default cryptographic handlers:, (*6)

  • OpenSSLCrypto: uses the OpenSSL library (default).
  • McryptCrypto: uses the mcrypt library. Please note that this is deprecated, and removed from PHP 7.2. We advise against its use.

You can also implement your own cryptographic handler by creating a class that implements the SilverStripe\HybridSessions\Crypto\CryptoHandler interface., (*7)

To configure the active handler, add YAML configuration to your project:, (*8)

---
Name: myappsessionstores
After: sessionstores
---
SilverStripe\HybridSessions\HybridSession:
  SilverStripe\HybridSessions\Crypto\CryptoHandler:
    class: MyCustomCryptoHandler

Caveats

This module is not fully compatible with the testsession module, as the database store is not available prior to DB connectivity, which uses the session to dictate DB connections. Data smaller than 1000 bytes may still be stored via the cookie store, but larger data sets will be lost., (*9)

The Versions

18/06 2018

dev-master

9999999-dev

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander

silverstripe session cwp

14/06 2018

2.0.x-dev

2.0.9999999.9999999-dev

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander

silverstripe session cwp

18/01 2018

1.x-dev

1.9999999.9999999.9999999-dev

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander

silverstripe session cwp

20/12 2017

2.0.0-beta2

2.0.0.0-beta2

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander

silverstripe session cwp

20/12 2017

2.0.0

2.0.0.0

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander

silverstripe session cwp

12/10 2017

2.0.0-beta1

2.0.0.0-beta1

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander

silverstripe session cwp

06/10 2017

1.1.x-dev

1.1.9999999.9999999-dev

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander

silverstripe session cwp

06/10 2017

1.0.x-dev

1.0.9999999.9999999-dev

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander

04/02 2016

1.1.1

1.1.1.0

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander

silverstripe session cwp

26/05 2015

1.1.0

1.1.0.0

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander

18/11 2014

1.0.4

1.0.4.0

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander

20/08 2014

1.0.3

1.0.3.0

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander

19/08 2014

1.0.2

1.0.2.0

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander

18/08 2014

1.0.1

1.0.1.0

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander

15/08 2014

1.0.0

1.0.0.0

Cookie/DB session support for SilverStripe

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Hamish Friedlander