PHPSession
PHPSession
Native PHP session-backed authentication state backend.
class PHPSession implements \Hazaar\Auth\Session\Backend\SessionBackendImplements {@see SessionBackend} by storing auth identity and payload data under $_SESSION, with values namespaced by {@see self::$sessionKey}.
Session validity checks include:
- presence of identity and auth payload
- non-empty session payload
- client fingerprint comparison using user-agent and remote IP values
This backend does not support refresh-token rotation and relies on PHP session lifecycle/GC behavior configured at runtime.
Properties
config
private array $configtoken
public ExpiringToken $tokenrefreshToken
public ExpiringToken $refreshTokenMethods
__construct
Constructor for the PHPSession backend.
public __construct(array $config): voidInitializes the session with the provided configuration options. If a session name is specified in the config, it sets the session name. Merges default configuration values with those provided.
Configuration options:
- name (string, optional): Custom session name.
- expire (int, optional): Session expiration time in seconds. Default is 3600 (1 hour).
- refresh (int, optional): Session refresh interval in seconds. Default is 86400 (24 hours).
- idle (int, optional): Idle timeout in seconds. Default is 0 (no idle timeout).
- session_key (string, optional): Key used to store session data. Default is 'hazaar_auth_session'.
Parameters
| Parameter | Type | Description |
|---|---|---|
$config | array | associative array of session configuration options |
isEmpty
Indicates whether there is a valid authenticated session in memory.
public isEmpty(): boolA session is considered empty/invalid when required identity/payload data is missing or client fingerprint checks (user agent/IP) do not match.
read
Reads and returns the session data associated with the current session key.
public read(): voidhas
Checks if a specific key exists in the current session.
public has(string $key): boolParameters
| Parameter | Type | Description |
|---|---|---|
$key | string | the session key to check for existence |
get
Retrieves a value from the session using the specified key.
public get(string $key): mixedParameters
| Parameter | Type | Description |
|---|---|---|
$key | string | the key associated with the session value to retrieve |
set
Sets a key/value pair in the auth session payload namespace.
public set(string $key, mixed $value): voidParameters
| Parameter | Type | Description |
|---|---|---|
$key | string | session payload key |
$value | mixed | value to store |
Unsets a value from the session data associated with the given key.
public (string $key): voidParameters
| Parameter | Type | Description |
|---|---|---|
$key | string | the key of the session variable to unset |
clear
Clears all authentication-related session state and destroys the PHP session.
public clear(): voidgetToken
Retrieves the current PHP session ID token.
public getToken(): ?ExpiringTokengetRefreshToken
Retrieves the refresh token associated with the session.
public getRefreshToken(): ?ExpiringTokencreate
Creates a new session entry with the provided identity and data.
public create(string $identity, array $data): ExpiringTokenParameters
| Parameter | Type | Description |
|---|---|---|
$identity | string | the identity associated with the session |
$data | array |
load
Loads session data for the given token.
public load(string $token, ?array $sessionData, string $tokenType = 'access', ?string $passphrase): boolAttempts to set the session ID to the provided token and starts the session with specific options. If a timeout is configured, it sets the session garbage collection max lifetime accordingly. On successful session start, retrieves the session data for the configured session key.
Parameters
| Parameter | Type | Description |
|---|---|---|
$token | string | the session token to load |
$sessionData | array | |
$tokenType | string | |
$passphrase | string |
refresh
Refreshes the session using the provided token.
public refresh(string $token): boolParameters
| Parameter | Type | Description |
|---|---|---|
$token | string | the session refresh token |
getIdentity
Retrieves the identity associated with the current session.
public getIdentity(): ?stringsessionStart
Starts the PHP session with custom options.
private sessionStart(?string $sessionId, ?int $expiresIn): boolDisables cookie usage and sets session expiration if configured.
Parameters
| Parameter | Type | Description |
|---|---|---|
$sessionId | string | |
$expiresIn | int |
generateTokenString
Generates a unique token string for session authentication.
private generateTokenString(string $identity): stringUses the SHA-256 hashing algorithm on a unique identifier based on the user's identity.
Parameters
| Parameter | Type | Description |
|---|---|---|
$identity | string |
Generated by Hazaar API Doc Generator on Tue, 21 Apr 2026 04:00:24 +0000