I am building a package that implements native-like sessions in a PSR7 middleware architecture.

I created a middleware which is responsible for creating and persisting a session cookie. The session is also propagated in the request using withAttribute.

I want my package to embrace the same philosophy as PSR7: my sessions are immutable in their IDs. If you change the session ID, a new session is created.

The problem I am facing is that some other part of the application might want to regenerate the session ID, i.e. after a successful login. How would the middleware know that there is a new session?

Here are a few solutions I can think of:

  • Creating a session manager that holds all sessions
  • Leave it be, if there is a new session the other middleware is responsible for it
  • Abstract away from the middleware the persistence code so that it can be reused across middlewares
nebulousGirl
  • http://paul-m-jones.com/archives/6310 https://www.reddit.com/r/PHP/comments/54m9yf/authentication_and_sessions_in_psr7/ – Cherif BOUCHELAGHEM Feb 15 '17 at 11:23
  • Probably long solved or abandoned, but what was the action taken? I'm in a similar state (still trying to understand PSR-7 implications as well) and am curious what people are doing when they don't use a framework. The above comment links don't really discuss persistence implementations. One of them deals with persistence by simply passing the data back and forth with each request/response cycle. – Brian Jan 26 '20 at 22:25

0 Answers
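An added example, not part of the original question or its comments: one way to realise the first option in the question's list, a holder that tracks the current session so the middleware can see a regenerated ID. `SessionHolder`, `sessionMiddleware`, the array-backed store and the callable handler are hypothetical stand-ins for a real PSR-7/PSR-15 stack; it assumes PHP 8.1+.

```php
<?php
declare(strict_types=1);

// Immutable session: a new ID always means a new object, as in the question.
final class Session {
    public function __construct(public readonly string $id, public readonly array $data = []) {}

    public function withRegeneratedId(): self {
        return new self(bin2hex(random_bytes(16)), $this->data); // 128 bits from the CSPRNG
    }
}

// Hypothetical mutable holder: this, not the Session, goes into the request attribute.
final class SessionHolder {
    public function __construct(private Session $current) {}
    public function get(): Session { return $this->current; }
    public function replace(Session $s): void { $this->current = $s; }
}

// Stand-in for the middleware. $store is an array used as session storage;
// $handler is the rest of the application (a callable instead of a PSR-15 handler).
function sessionMiddleware(array &$store, ?string $cookieId, callable $handler): array
{
    $known = $cookieId !== null && isset($store[$cookieId]);
    // An ID the store does not know is never adopted; a fresh one is issued instead.
    $initial = $known ? new Session($cookieId, $store[$cookieId]) : (new Session(''))->withRegeneratedId();
    $holder = new SessionHolder($initial);
    $response = $handler($holder); // inner layers may call $holder->replace()
    $final = $holder->get();
    if ($final->id !== $initial->id) {
        unset($store[$initial->id]); // the pre-login ID must stop working
    }
    $store[$final->id] = $final->data;
    if (!$known || $final->id !== $initial->id) {
        $response['headers']['Set-Cookie'] = "sid={$final->id}; Path=/; HttpOnly; Secure; SameSite=Lax";
    }
    return $response;
}

// Constructed demo: a login handler regenerates the ID after authenticating.
$store = ['aaaa' => ['cart' => [42]]];
$login = function (SessionHolder $h): array {
    $s = $h->get()->withRegeneratedId();
    $h->replace(new Session($s->id, $s->data + ['user' => 'alice']));
    return ['status' => 200, 'headers' => []];
};
$res = sessionMiddleware($store, 'aaaa', $login);
var_dump(isset($store['aaaa']), $res['headers']['Set-Cookie']);
```

Because the middleware compares the holder's session before and after the handler runs, it can both persist the new ID and delete the old one, which is the part that closes the session fixation window after login.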