Session Context
The SessionContext class manages user authentication state using PSR-6 compatible cache storage.
Creating a Session Context
<?php
use ByJG\Authenticate\SessionContext;
use ByJG\Cache\Factory;
// Using PHP Session (recommended for most cases)
$sessionContext = new SessionContext(Factory::createSessionPool());
// With a custom key (optional)
$sessionContext = new SessionContext(Factory::createSessionPool(), 'myapp');
Session Storage Options
The library uses PSR-6 CachePool for session storage, allowing flexibility in how sessions are stored.
PHP Session (Default)
<?php
$sessionContext = new SessionContext(Factory::createSessionPool());
Memcached
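<?php
use ByJG\Authenticate\SessionContext;
use ByJG\Cache\Factory;
// IMPORTANT: You MUST provide a unique prefix per user
// session_id() returns an empty string until a session is active, which would give every user the same prefix
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
$uniquePrefix = session_id(); // or any other unique identifier
$cachePool = Factory::createMemcachedPool();
$sessionContext = new SessionContext($cachePool, $uniquePrefix);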
When using Memcached or other shared cache storage, you MUST define a UNIQUE prefix for each session. If two users share the same prefix, their session entries collide in the shared cache and they will have unexpected authentication issues.
If you cannot create/manage unique prefixes reliably, use the regular PHP Session storage instead.
Redis
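<?php
use ByJG\Authenticate\SessionContext;
use ByJG\Cache\Factory;
// $uniquePrefix must be unique per session, built as in the Memcached example above
$cachePool = Factory::createRedisPool('redis://localhost:6379');
$sessionContext = new SessionContext($cachePool, $uniquePrefix);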
Managing Authentication
Register Login
<?php
// After validating user credentials
$sessionContext->registerLogin($userId);
Call setSessionData() after registerLogin() if you need to store extra session metadata (e.g., IP address, login time).
Check Authentication Status
<?php
if ($sessionContext->isAuthenticated()) {
    echo "User is logged in";
} else {
    echo "User is not authenticated";
}
Get Current User Info
<?php
if ($sessionContext->isAuthenticated()) {
    $userId = $sessionContext->userInfo();
    // Use $userId to fetch user details
}
Logout
<?php
$sessionContext->registerLogout();
Storing Session Data
You can store custom data in the user's session. This data exists only while the user is logged in.
Store Data
<?php
$sessionContext->setSessionData('shopping_cart', [
    'item1' => 'Product A',
    'item2' => 'Product B'
]);
$sessionContext->setSessionData('last_page', '/products');
The user must be authenticated to use setSessionData(). If not, a NotAuthenticatedException will be thrown.
Retrieve Data
<?php
$cart = $sessionContext->getSessionData('shopping_cart');
$lastPage = $sessionContext->getSessionData('last_page');
Returns false if:
- The user is not authenticated
- The key doesn't exist
Session Data Lifecycle
- Session data is stored when the user logs in
- It persists across requests while the user remains logged in
- It is automatically deleted when the user logs out
- It is lost if the session expires
Complete Example
<?php
use ByJG\AnyDataset\Db\DatabaseExecutor;
use ByJG\AnyDataset\Db\Factory as DbFactory;
use ByJG\Authenticate\Enum\LoginField;
use ByJG\Authenticate\Model\UserModel;
use ByJG\Authenticate\Model\UserPropertiesModel;
use ByJG\Authenticate\Repository\UserPropertiesRepository;
use ByJG\Authenticate\Repository\UsersRepository;
use ByJG\Authenticate\Service\UsersService;
use ByJG\Authenticate\SessionContext;
use ByJG\Cache\Factory;
require_once 'vendor/autoload.php';
// Initialize repositories and service (same setup shown in Getting Started)
$dbDriver = DbFactory::getDbInstance('mysql://user:password@localhost/app');
$db = DatabaseExecutor::using($dbDriver);
$usersRepo = new UsersRepository($db, UserModel::class);
$propsRepo = new UserPropertiesRepository($db, UserPropertiesModel::class);
$users = new UsersService($usersRepo, $propsRepo, LoginField::Username);
$sessionContext = new SessionContext(Factory::createSessionPool());
// Login flow
if (isset($_POST['login'])) {
    $user = $users->isValidUser($_POST['username'] ?? '', $_POST['password'] ?? '');
    if ($user !== null) {
        $sessionContext->registerLogin($user->getUserid());
        $sessionContext->setSessionData('login_time', time());
        header('Location: /dashboard');
        exit;
    }
}
// Protected pages
if (!$sessionContext->isAuthenticated()) {
    header('Location: /login');
    exit;
}
// Logout (handled before any output so the redirect header can still be sent)
if (isset($_POST['logout'])) {
    $sessionContext->registerLogout();
    header('Location: /login');
    exit;
}
$userId = $sessionContext->userInfo();
$user = $users->getById($userId);
$loginTime = $sessionContext->getSessionData('login_time');
// Escape user-controlled values before writing them into HTML
echo "Welcome, " . htmlspecialchars((string) $user->getName(), ENT_QUOTES, 'UTF-8');
echo "Logged in at: " . date('Y-m-d H:i:s', $loginTime);
Best Practices
- Use PHP Session storage unless you have specific requirements for distributed sessions
- Always check authentication before accessing protected resources
- Clear sensitive session data when no longer needed
- Set appropriate session timeouts based on your security requirements
- Regenerate session IDs after login to prevent session fixation attacks
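The timeout and session ID regeneration practices above can be combined as in the following added example, which is not part of the library or its documentation. It assumes the PHP Session storage (so that session_regenerate_id() applies to the stored data); the helper names, the 'last_seen' key and the timeout values are hypothetical.

```php
<?php
use ByJG\Authenticate\SessionContext;

require_once 'vendor/autoload.php';

// Assumed policy values, not library defaults.
const IDLE_TIMEOUT = 900;        // seconds without a request
const ABSOLUTE_TIMEOUT = 28800;  // seconds since login

// Hypothetical helper: rotate the PHP session ID, then register the login.
function loginWithFreshSession(SessionContext $ctx, $userId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // true deletes the old session, so an ID set before login stops working
    session_regenerate_id(true);

    $ctx->registerLogin($userId);
    $now = time();
    $ctx->setSessionData('login_time', $now);
    $ctx->setSessionData('last_seen', $now);
}

// Hypothetical helper: true only for a logged-in session within both limits.
function enforceSessionLimits(SessionContext $ctx): bool
{
    if (!$ctx->isAuthenticated()) {
        return false;
    }
    $now = time();
    $loginTime = $ctx->getSessionData('login_time');
    $lastSeen = $ctx->getSessionData('last_seen');

    // getSessionData() returns false for a missing key: treat that as expired
    $expired = !is_numeric($loginTime) || !is_numeric($lastSeen)
        || $now - $lastSeen > IDLE_TIMEOUT
        || $now - $loginTime > ABSOLUTE_TIMEOUT;

    if ($expired) {
        $ctx->registerLogout();
        return false;
    }
    $ctx->setSessionData('last_seen', $now);
    return true;
}
```

Call loginWithFreshSession() where the login flow calls registerLogin(), and enforceSessionLimits() in place of a bare isAuthenticated() check on protected pages.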
Next Steps
- Authentication - User authentication methods
- User Properties - Store persistent user data