PHPackages miladrahimi/phpsession - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. miladrahimi/phpsession AbandonedArchivedLibrary[Security](/categories/security) miladrahimi/phpsession ====================== Free PHP session tools for neat and powerful projects! 1.6(10y ago)7431MITPHPPHP >=5.3.0 Since Jun 15Pushed 10y ago1 watchersCompare [ Source](https://github.com/miladrahimi/phpsession)[ Packagist](https://packagist.org/packages/miladrahimi/phpsession)[ Docs](http://miladrahimi.github.io/phpsession)[ RSS](/packages/miladrahimi-phpsession/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (8)DependenciesVersions (9)Used By (0) PHPSession ========== [](#phpsession) Free PHP session tools for neat and powerful projects! Documentation ------------- [](#documentation) PHPSession is a tiny package for using sessions in Object Oriented and more secured approach. There is a class named `Session` which you interact with to access an manipulate sessions. ### Installation [](#installation) #### Using Composer [](#using-composer) It's strongly recommended to use [Composer](http://getcomposer.org) to add PHPSession to your application. If you are not familiar with Composer, The article [How to use composer in php projects](http://www.miladrahimi.com/blog/2015/04/12/how-to-use-composer-in-php-projects)can be useful. After installing Composer, go to your project directory and run following command there: ``` composer require miladrahimi/phpsession ``` Or if you have `composer.json` file already in your application, you may add this package to your application requirements and update your dependencies: ``` "require": { "miladrahimi/phpsession": "~1.6" } ``` ``` composer update ``` #### Manually [](#manually) You can use your own autoloader as long as it follows [PSR-0](http://www.php-fig.org/psr/psr-0) or [PSR-4](http://www.php-fig.org/psr/psr-4) standards. In this case you can put `src` directory content in your vendor directory. ### Getting Started [](#getting-started) It's so easy to work with! ``` use MiladRahimi\PHPSession\Session; $session = new Session(); $session->set("Singer", "Pink Floyd"); echo $session->get("Singer"); ``` - Because of being compatible with dependency injection, new version is not based on Single Pattern. - The `get()` method will return `null` whenever the value doesn't exist. ### Expiration [](#expiration) In default, the session data is permanent. For security reasons, you should define lifetime for your session. PHPSession would expire the data when their lifetime had finished. ``` use MiladRahimi\PHPSession\Session; $session = new Session(); $session->setLifeTime(10); // 10 minutes lifetime! $session->set("Singer", "Bon Jovi"); ``` - Lifetime unit is minute. - 0 minute lifetime means unlimited time (it's default value). - Whenever you change lifetime its lifetime starts to get spent. ### UntrustedSession Exception [](#untrustedsession-exception) For security reasons, PHPSession holds user IP and Agent (web browser tool). It always check this info in any `get()` call to make sure current user is the real session owner. `UntrustedSession` exception will thrown if the user is suspicious. ``` use MiladRahimi\PHPSession\Session; use MiladRahimi\PHPSession\UntrustedSession; $session = new Session(); $session->set("Singer", "Selena Gomez"); try { echo $session->get("Singer"); } catch (UntrustedSession $e) { echo "You must sign in again!"; // Log the information... } ``` ### Refresh [](#refresh) PHPSession cannot recognize where exactly need to refresh the user info like IP and agent. To prevent Fixation Session Attack you should refresh sessions every successful sign in request. ``` $session->refresh(); ``` ### Session Hijacking and Fixation [](#session-hijacking-and-fixation) PHPSessions is tiny package right now. It will be better next versions, I promise! There are some security considerations in this version. It prevent Session Fixation if you call `refresh()` method after every successful sing in. It prevent simple hijackings with holding user info (IP and agent). In person, I think it's user job to prevent other threats. But your a able to implement your security approaches with PHPSession, if you see it like PHP native APIs. If you have an idea to make PHPSession more secure, I will appreciate it if you share it with us! Contributors ------------ [](#contributors) - [Milad Rahimi](http://miladrahimi.com) Homepage -------- [](#homepage) - [PHPSession](http://miladrahimi.github.io/phpsession) License ------- [](#license) PHPSession is released under the [MIT License](http://opensource.org/licenses/mit-license.php). ### Health Score 29 — LowBetter than 59% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity14 Limited adoption so far Community8 Small or concentrated contributor base Maturity63 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~6 days Total 8 Last Release 3949d ago Major Versions v0.0 → v1.02015-06-16 ### Community Maintainers ![](https://www.gravatar.com/avatar/921274b8bb29236d8f94f6c83100a5f751f6394c4c49741e1b92bfbccac0911b?d=identicon)[miladrahimi](/maintainers/miladrahimi) --- Top Contributors [![miladrahimi](https://avatars.githubusercontent.com/u/6689295?v=4)](https://github.com/miladrahimi "miladrahimi (14 commits)") --- Tags securitysessionsessionsSession Security ### Embed Badge ![Health badge](/badges/miladrahimi-phpsession/health.svg) ``` [![Health](https://phpackages.com/badges/miladrahimi-phpsession/health.svg)](https://phpackages.com/packages/miladrahimi-phpsession) ``` ### Alternatives [phpseclib/phpseclib PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc. 5.6k434.8M1.3k](/packages/phpseclib-phpseclib)[defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41478.1M118](/packages/robrichards-xmlseclibs)[spatie/laravel-csp Add CSP headers to the responses of a Laravel app 8569.6M19](/packages/spatie-laravel-csp)[aura/session Provides session management functionality, including lazy session starting, session segments, next-request-only ("flash") values, and CSRF tools. 2041.2M69](/packages/aura-session) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)