PHPackages                             hydrakit/session - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Framework](/categories/framework)
4. /
5. hydrakit/session

ActiveLibrary[Framework](/categories/framework)

hydrakit/session
================

Session library for Hydra PHP framework

v0.2.0(yesterday)024↑100%5MITPHP &gt;=8.2

Since Jul 6Compare

[ Source](https://github.com/hydra-foundation/session)[ Packagist](https://packagist.org/packages/hydrakit/session)[ RSS](/packages/hydrakit-session/feed)WikiDiscussions Synced today

READMEChangelogDependencies (5)Versions (4)Used By (5)

Hydra Session
=============

[](#hydra-session)

A request-scoped key/value store that persists across requests for one client, backed by native `$_SESSION` behind two deliberately split interfaces. The data surface goes to controllers; the lifecycle surface is held only by the framework's session middleware.

The two surfaces
----------------

[](#the-two-surfaces)

`SessionInterface` is everyday data — `get`/`set`/`has`/`remove`/`all`/`clear`, the `id`/`regenerate` controls for a privilege change, and `flash`/`getFlash`for values that live exactly one request. Falsy values (`'0'`, `0`, `false`, `''`) are real stored values; only an absent key is "missing".

`SessionLifecycleInterface` (`start`/`save`) is held only by `StartSessionMiddleware`, which opens the session on the way in and persists it on the way out. Keeping these methods off the data surface is the boundary: a controller literally cannot close the session early and lose later writes.

```
$session->set('cart', $items);
$session->flash('status', 'Saved.');     // readable only on the next request
$session->regenerate();                  // on a privilege change
```

Config
------

[](#config)

`SessionConfig` maps directly onto PHP's session cookie params and is built once from the environment. Defaults are safe-by-default for a first-party app: http-only, `Lax` same-site, session-length cookie. `secure` defaults to false so local http works out of the box — set `SESSION_SECURE=true` over https. Invalid combinations (a bad `SameSite`, or `None` without `secure`) fail loudly at construction rather than flowing silently into PHP.

Lifecycle and scope
-------------------

[](#lifecycle-and-scope)

Session data is only valid inside the window `StartSessionMiddleware` brackets around the request — every accessor throws `LogicException` outside it, so a read of stale state or a write that would never persist fails loud. The store is a request-scoped singleton and relies on Hydra building one container per request; see [docs/one-container-per-request.md](docs/one-container-per-request.md)for the full contract and the worker-runtime boundary.

###  Health Score

40

—

FairBetter than 86% of packages

Maintenance100

Actively maintained with recent releases

Popularity8

Limited adoption so far

Community5

Small or concentrated contributor base

Maturity38

Early-stage or recently created project

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~1 days

Total

3

Last Release

1d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/a947272da0bf1d7d6326b4fbf6ddb8049977cbdbe333d0d1282dbb6f5927dfdf?d=identicon)[whleucka](/maintainers/whleucka)

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/hydrakit-session/health.svg)

```
[![Health](https://phpackages.com/badges/hydrakit-session/health.svg)](https://phpackages.com/packages/hydrakit-session)
```

###  Alternatives

[cakephp/cakephp

The CakePHP framework

8.9k19.5M1.8k](/packages/cakephp-cakephp)[typo3/cms

TYPO3 CMS is a free open source Content Management Framework initially created by Kasper Skaarhoj and licensed under GNU/GPL.

1.2k1.9M122](/packages/typo3-cms)[cakephp/authentication

Authentication plugin for CakePHP

1214.1M106](/packages/cakephp-authentication)[typo3/cms-core

TYPO3 CMS Core

3713.2M5.2k](/packages/typo3-cms-core)[windwalker/framework

The next generation PHP framework.

25740.3k1](/packages/windwalker-framework)[sunrise/http-router

A powerful solution as the foundation of your project.

17451.8k10](/packages/sunrise-http-router)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
