Quick links: Content - sections - sub sections
EN FR

jSession is the object used by Jelix to initialize the storage engine. It is not used to read or store variables in session. Use $_SESSION as usual to do this task.

Configuration of the session storage is done in app/var/config/mainconfig.ini.php, in a sessions section.

Session name

You may need to change the session's name (default is PHPSESSID).

To make such a change, you can use the following configuration directive :


[sessions]
name = "mysession"

NB : only alpha-numeric chars are allowed.

File storage

Storing session files in default path may not be a good idea, as that path is often worldwide readable/writable, like /tmp/ for example.

To make jSession store sessions in your own defined path:


  [sessions]
  storage = "files"
  files_path = "app:var/sessions/"

NB : app: and lib: keywords are converted.

Database storage

You may need to store your sessions in data, for example when you are doing load-balancing with multiple front servers. In this case, jSession uses jDao:


  [sessions]
  storage = "dao"
  dao_selector = "jelix~jsession"
  dao_db_profile = ""

A default dao is provided in the jelix module. The selector is jelix~jsession.

When you install your application, if the configuration is set correctly, Jelix will create a table in your SQL database. During the development, you can execute on of these SQL script to create the table: lib/jelix/core-modules/jelix/install/sql/install_jsession.schema.*.

Here is the table:


CREATE TABLE  IF NOT EXISTS `jsessions` (
  `id` varchar(64) NOT NULL,
  `creation` datetime NOT NULL,
  `access` datetime NOT NULL,
  `data` longblob NOT NULL,
  PRIMARY KEY  (`id`)
) DEFAULT CHARSET=utf8;

It is possible to secure the session cookie, with these configuration parameters:


[sessions]
; ...
cookieSecure=off
cookieHttpOnly=on
cookieExpires=0
cookieSameSite=

They correspond to respectively cookie parameters secure, httponly, expires and samesite. See documentation of the Set-Cookie header.