Section: jSession: managing sessions
|« jWiki: generating contents from wiki contents||^ Class utilities||jMessage: short messages between actions »|
jSession is the object used by Jelix to initialize the storage engine. It is
not used to read or store variables in session. Use
$_SESSION as usual to
do this task.
Configuration of the session storage is done in
Session name ¶
You may need to change the session's name (default is PHPSESSID).
To make such a change, you can use the following configuration directive :
[sessions] name = "mysession"
NB : only alpha-numeric chars are allowed.
File storage ¶
Storing session files in default path may not be a good idea, as that path is
often worldwide readable/writable, like
/tmp/ for example.
To make jSession store sessions in your own defined path:
[sessions] storage = "files" files_path = "app:var/sessions/"
NB : app: and lib: keywords are converted.
Database storage ¶
You may need to store your sessions in data, for example when you are doing load-balancing with multiple front servers. In this case, jSession uses jDao:
[sessions] storage = "dao" dao_selector = "jelix~jsession" dao_db_profile = ""
A default dao is provided in the jelix module. The selector is
When you install your application, if the configuration is set correctly, Jelix
will create a table in your SQL database. During the development, you can
execute on of these SQL script to create the
Here is the table:
CREATE TABLE IF NOT EXISTS `jsessions` ( `id` varchar(64) NOT NULL, `creation` datetime NOT NULL, `access` datetime NOT NULL, `data` longblob NOT NULL, PRIMARY KEY (`id`) ) DEFAULT CHARSET=utf8;
Parameters for the session cookie ¶
It is possible to secure the session cookie, with these configuration parameters:
[sessions] ; ... cookieSecure=off cookieHttpOnly=on cookieExpires=0 cookieSameSite=
They correspond to respectively cookie parameters
See documentation of the Set-Cookie header.