PHPackages phpsess/session-handler - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. phpsess/session-handler ActiveLibrary[Security](/categories/security) phpsess/session-handler ======================= A security-first PHP session handler 196PHPCI failing Since Oct 15Pushed 7y agoCompare [ Source](https://github.com/phpsess/session-handler)[ Packagist](https://packagist.org/packages/phpsess/session-handler)[ RSS](/packages/phpsess-session-handler/feed)WikiDiscussions master Synced 4d ago READMEChangelogDependenciesVersions (1)Used By (0) PHPSess ------- [](#phpsess) PHP Session. The way it should be. [![Build Status](https://camo.githubusercontent.com/d88f16588440067329231e6ed74f4396850597d55ab6bf9e6fb3835987fccd14/68747470733a2f2f7472617669732d63692e636f6d2f706870736573732f73657373696f6e2d68616e646c65722e7376673f6272616e63683d6d6173746572)](https://travis-ci.com/phpsess/session-handler)[![License](https://camo.githubusercontent.com/af64820b4edfdcf7c041f28fcebfc8b54b54b895099ad93fec90211349174190/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f706870736573732f73657373696f6e2d68616e646c65722e737667)](https://opensource.org/licenses/MIT)[![Maintainability](https://camo.githubusercontent.com/4b312be6326d4e282d7df37feb187a93efd4240c64a93eca0a36c261dc5d41ef/68747470733a2f2f6170692e636f6465636c696d6174652e636f6d2f76312f6261646765732f31376666636330313761636230353466643634342f6d61696e7461696e6162696c697479)](https://codeclimate.com/github/phpsess/session-handler/maintainability)[![Test Coverage](https://camo.githubusercontent.com/c458ffab396767c1e440ef5a327781e3dcabd9b697f576c523d9de0a8b862f48/68747470733a2f2f6170692e636f6465636c696d6174652e636f6d2f76312f6261646765732f31376666636330313761636230353466643634342f746573745f636f766572616765)](https://codeclimate.com/github/phpsess/session-handler/test_coverage) **----- STILL IN DEVELOPMENT -----** PHPSess is a fully featured PHP Session Handler. Anyone can write a new driver to it, making it a breeze to store the session data in **\[ New Shiny and Fast DB \]** or secure the data with **\[ New State of Art Encryption Library \]**. It implements the PHP `SessionHandlerInterface` so that you can use the session as you always did: the old and good `$_SESSION` superglobal and the `session_` functions. Of course, if you want to use the `SessionHandler` instance directly (eg. in the new shiny framework you're building), that's fine too. What it does ------------ [](#what-it-does) - Encrypts the session data in such a way that even if you have access to the session files, the source code AND the app-key, you wouldn't be able to decrypt it; - Prevents session fixation: if a non-existent session-id is given, a new one is generated instead of accepting arbitrary ids from the request; - Session locking: if two requests try to manipulate the session at the same time, one will have to wait for the session to be unlocked; - Warn about insecure session ini settings. Quick Start ----------- [](#quick-start) Require the core Session Handler, the [Storage](https://github.com/phpsess/session-handler/wiki/Storage-Drivers)and [Encryption](https://github.com/phpsess/session-handler/wiki/Encryption-Drivers) drivers: ``` composer require phpsess/session-handler phpsess/file-storage phpsess/openssl-encryption ``` Init the drivers and pass them to the Session Handler: ``` use PHPSess\SessionHandler; use PHPSess\Storage\FileStorage; use PHPSess\Encryption\OpenSSlEncryption; $sessEncryption = new OpenSSLEncryption('a-strong-random-SECRET-app-key'); $sessStorage = new FileStorage(); ``` Create a instance of the Session Handler and register it to the PHP engine: ``` $sessionHandler = new SessionHandler($sessEncryption, $sessStorage); session_set_save_handler($sessionHandler); ``` After registering you can use the build in `session_` functions `$_SESSION` superglobal as always: ``` session_start(); $_SESSION['pass'] = 'mySecretP@ss123'; echo $_SESSION['pass']; ``` ### Health Score 21 — LowBetter than 19% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity11 Limited adoption so far Community6 Small or concentrated contributor base Maturity39 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://avatars.githubusercontent.com/u/22180887?v=4)[Ayrton Fidelis](/maintainers/ayrtonvwf)[@ayrtonvwf](https://github.com/ayrtonvwf) --- Top Contributors [![ayrtonvwf](https://avatars.githubusercontent.com/u/22180887?v=4)](https://github.com/ayrtonvwf "ayrtonvwf (152 commits)") ### Embed Badge ![Health badge](/badges/phpsess-session-handler/health.svg) ``` [![Health](https://phpackages.com/badges/phpsess-session-handler/health.svg)](https://phpackages.com/packages/phpsess-session-handler) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[roave/security-advisories Prevents installation of composer packages with known security vulnerabilities: no API, simply require it 2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 86917.5M63](/packages/bjeavons-zxcvbn-php)[enlightn/security-checker A PHP dependency vulnerabilities scanner based on the Security Advisories Database. 33732.2M110](/packages/enlightn-security-checker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)