SQLite Testing
Difference between revisions for
Users / Eo Ny
Revision 3 as of 05/05/2026 18:39 (49.6 KiB) EoNy
  3: 05/05/2026 18:39 EoNy
  2: 05/05/2026 18:36 EoNy
  1: 05/05/2026 16:15 EoNy [new user account]
Revision 4 as of 05/05/2026 18:48 (49.6 KiB, +18) EoNy
  6: 05/21/2026 16:13 WikiAdmin
  5: 05/19/2026 11:04 WikiAdmin
  4: 05/05/2026 18:48 EoNy
Additions:
Contents
1. Overview
2. Table of Contents
3. Core Concepts
  3.1. Session State
  3.2. Session Data Storage
  3.3. Sticky Data
  3.4. Internal Tracking Variables
4. Architecture
  4.1. Class Hierarchy
  4.2. Key Methods Categories
5. Configuration
  5.1. Configuration Properties (Public)
    5.1.1. Session Behavior
    5.1.2. Nonce & Replay Protection
    5.1.3. Garbage Collection
    5.1.4. Cookie Settings
    5.1.5. Cache Control
    5.1.6. Security Validation
    5.1.7. HTTP Context (Set by HTTP class)
6. Usage
  6.1. Basic Session Setup
  6.2. Session Data Access
  6.3. Session ID Management
  6.4. Session State
7. Security Features
  7.1. 1. Session ID Regeneration
  7.2. 2. User Agent Validation
  7.3. 3. IP Address Validation
  7.4. 4. TLS/SSL Validation
  7.5. 5. Anti-Replay Protection
  7.6. 6. Referer Validation (Optional)
8. API Reference
  8.1. Public Methods
    8.1.1. Lifecycle Management
      8.1.1.1. start($name = null, $id = null): bool
      8.1.1.2. write_close(): void
      8.1.1.3. restart(): bool
    8.1.2. Session Access
      8.1.2.1. id(): mixed
      8.1.2.2. name(): string
      8.1.2.3. active(): bool
      8.1.2.4. message(): string|null
      8.1.2.5. toArray(): array
    8.1.3. Nonce System
      8.1.3.1. create_nonce($action, $expires = null): string
      8.1.3.2. verify_nonce($action, $code, $protect = 0)
    8.1.4. Cookie Management
      8.1.4.1. setcookie($name, $value = null, $expires = 0, $path = null, $domain = null, $secure = null, $httponly = null, $samesite = null): bool
      8.1.4.2. get_cookie($name)
      8.1.4.3. set_cookie($name, $value, $persistent = false): void
      8.1.4.4. delete_cookie($name): void
      8.1.4.5. unsetcookie($name): void
  8.2. Protected Methods (For Store Implementation)
    8.2.1. regenerate_id($delete_old = false, $message = ''): bool
    8.2.2. store_generate_id(): string
    8.2.3. store_validate_id($id): bool
    8.2.4. store_open($name): void
    8.2.5. store_read($id, $lock = false): string|false
    8.2.6. store_write($id, $data): void
    8.2.7. store_close(): void
    8.2.8. store_gc(): void
  8.3. Private Methods (Internal Use)
      8.3.1.1. populate(): void
      8.3.1.2. write_session(): void
      8.3.1.3. clean_vars(): void
      8.3.1.4. prevent_replay(): void
      8.3.1.5. cache_limiter(): void
      8.3.1.6. set_new_id(): void
      8.3.1.7. remove_cookie($cookie): void
      8.3.1.8. nonce_index($action, $code): string (static)
9. Session Lifecycle
  9.1. Complete Session Flow
  9.2. First Request (New Session)
  9.3. Subsequent Request (Resume Session)
  9.4. Session ID Regeneration
  9.5. Session Destruction
10. Flash Data
  10.1. Usage
  10.2. How It Works
  10.3. Example: Login Flow
11. Nonce System
  11.1. Terminology
  11.2. Complete Example: Form Protection
  11.3. Example: Protected Nonce (AJAX-Safe)
  11.4. Nonce Storage Format
  11.5. Security Properties
12. Cookie Management
  12.1. Security Features
    12.1.1. Encoding
    12.1.2. Security Attributes
    12.1.3. No Duplicate Headers
  12.2. Configuration-Driven Defaults
  12.3. Typical Secure Configuration
13. Error Handling
  13.1. Graceful Degradation
    13.1.1. Headers Already Sent
    13.1.2. Cookie Setting Failure
    13.1.3. Storage Errors
  13.2. Debug Logging
  13.3. Event Logging
14. Implementation Guide
  14.1. Creating a Concrete Session Class
    14.1.1. File-Based Storage
    14.1.2. Database Storage (PDO)
    14.1.3. Redis Storage
  14.2. Complete Integration Example
  14.3. Configuration Best Practices
  14.4. Testing Tips
15. Security Checklist
16. Common Patterns
  16.1. Login Flow
  16.2. Logout Flow
  16.3. CSRF-Protected Form
  16.4. Permission Check with Session Regeneration
  16.5. Session Messages/Flash
17. Performance Considerations
  17.1. Optimization Tips
  17.2. Benchmarks
18. Troubleshooting
  18.1. Session Not Starting
  18.2. Cookie Not Setting
  18.3. Session ID Not Regenerating
  18.4. Nonce Verification Failing
  18.5. Session Data Lost
19. TODO Items (From Code Comments)
20. References
  20.1. Security Standards
  20.2. Related Code
  20.3. See Also
21. Version History