Customizing sessions using session_start parameters
Up until PHP 7, in order to override php.ini
settings for secure session management, you had to use a series of ini_set()
commands. This approach is extremely annoying in that you also needed to know which settings were available, and being able to re-use the same settings in other applications was difficult. As of PHP 7, however, you can supply an array of parameters to the session_start()
command, which immediately sets those values.
How to do it...
- We start by developing an
Application\Security\SessOptions
class, which will hold session parameters and also have the ability to start the session. We also define a class constant in case invalid session options are passed:namespace Application\Security; use ReflectionClass; use InvalidArgumentsException; class SessOptions { const ERROR_PARAMS = 'ERROR: invalid session options';
- Next we scan the list of
php.ini
session directives (documented at http://php.net/manual/en/session.configuration...