Releases: PhpGt/Session
Same-site cookie option
After enhancing the default security options in v1.1.5, this has added difficulty to some users when developing locally (as a strict same-site cookie option causes lots of issues on localhost or 127.* IPs). The default option is now changed to Same-site: Lax, which introduces the cookie option but doesn't enforce the strict policy on localhost.
CI and QA improvements
Matrix builds are now standard for every push, building on all supported PHP versions concurrently.
During the CI process, three QA tools are introduced: Mess Detector, Code Sniffer and PHPStan.
Have fun!
Minor type improvement
This minor patch release allows any ArrayAccess object to be used as Config - this is used in WebEngine by passing a ConfigSection object.
PHP 8.1 compatibility
PHP 8.1 deprecation notices are handled in this minor patch release.
Minor improvements
In this minor patch release:
- Dependency updates
- Improvements to unit tests
- Use PHP's internal serialisation for session data
Silently recover from destroyed session
In this patch release, you'll see a newly improved CI pipeline, now fully utilising Github Actions.
The only changed functionality seen in this release is to silently fail on a session_destroy call, which occurs if the tmp file is removed/damaged at session start. The failure is now silent, which means that there will be no risk in accidentally sending the headers early if the error reporting is set to all.
Destroy corrupt sessions
In the improbable (but possible) event that a session is corrupted (think load balanced app after being upgraded to new release), this release destroys the session and silently starts a new one.
With this release comes some improvements to the unit tests, see the commit history for more information.
SessionContainer and SessionArrayWrapper
One new class and an interface is provided in this release.
The SessionContainer interface defines extremely simple functionality: get, set, contains and remove functions. This interface is applied to the Session class and the contained SessionStore class.
Why introduce such a simple interface? This is so that other PHP.Gt applications built using WebEngine will be able to be build in a way that their components become inter-operable with other projects that do not use the PHP.Gt/Session functionality.
This is why the SessionArrayWrapper class has been introduced, which too also implements the SessionContainer interface. This class takes an array in the constructor and stores it internally by reference, which means projects that use the $_SESSION superglobal can now make use of PHP.Gt features, and vice-versa.
Stable release
This repository has been in use within WebEngine applications for the last few months with no changes to functionality. With the focus being on a stable v3 release of PhpGt/WebEngine, this release is rather boring - just a bump in dependencies and removal of the "dev" minimum stability flag.
June 2019 minor improvement
When referring to Session namespaces, if a namespace hadn't been initialised, the library would fail. Now an empty store is created before any additions/removals of stores are called, fixing the error caused by the uninitialised variable.
Amongst this bugfix, PHPUnit has been bumped to latest version.