PHPackages solophp/session - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. solophp/session ActiveLibrary[Security](/categories/security) solophp/session =============== Secure PHP Session Handler with advanced security features v2.0.0(5mo ago)095MITPHPPHP >=8.1 Since Jul 13Pushed 5mo ago1 watchersCompare [ Source](https://github.com/SoloPHP/Session)[ Packagist](https://packagist.org/packages/solophp/session)[ RSS](/packages/solophp-session/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (5)Dependencies (3)Versions (6)Used By (0) PHP Session Handler =================== [](#php-session-handler) [![Latest Version on Packagist](https://camo.githubusercontent.com/d04e594836b1c212cce3906a18c6533c0eea317545784722c1bce45dcb551730/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f736f6c6f7068702f73657373696f6e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/solophp/session)[![License](https://camo.githubusercontent.com/ff8ec03061ccaecfe5d328e46969d444e6cebd3325f308ee70c0c03dfa7c87c6/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f736f6c6f7068702f73657373696f6e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/solophp/session)[![PHP Version](https://camo.githubusercontent.com/0380ab70a21b532cb40353a2ea30e2b0f9e78a1c5b0e72979db6e0a175eb4b20/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f736f6c6f7068702f73657373696f6e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/solophp/session) Secure PHP session handler with advanced security features and session management. Features -------- [](#features) - Secure session configuration out of the box - Session timeout management (idle timeout) - Session integrity checks (IP and User-Agent validation) - Protection against session fixation attacks - Strict session management - Cookie security controls - Session status monitoring Requirements ------------ [](#requirements) - PHP 8.1 or higher Installation ------------ [](#installation) ``` composer require solophp/session ``` Basic Usage ----------- [](#basic-usage) ``` use Solo\Session\Session; // Create session with default secure settings $session = new Session(); // Store data $session->set('user', $userData); // Get data $userData = $session->get('user'); // Check if data exists if ($session->has('user')) { // ... } // Remove data $session->unset('user'); // Clear all data $session->clear(); // Completely destroy session $session->destroy(); ``` Configuration ------------- [](#configuration) ``` $session = new Session( lifetime: 1800, // Idle timeout in seconds (default: 1800 = 30 minutes) expireOnClose: true, // Delete session cookie when browser closes (default: true) secure: true, // Require HTTPS (default: true) httpOnly: true, // Prevent JavaScript access (default: true) sameSite: 'Strict', // CSRF protection: 'Strict'|'Lax'|'None' (default: 'Strict') path: '/', // Cookie path (default: '/') domain: '', // Cookie domain (default: '') useStrictMode: true, // Enable strict mode (default: true) useCookiesOnly: true // Prevent session ID in URLs (default: true) ); ``` ### Configuration Options [](#configuration-options) ParameterTypeDefaultDescription`lifetime`int1800Idle timeout in seconds. Session expires after this period of inactivity.`expireOnClose`booltrueIf true, session cookie is deleted when browser closes. If false, cookie persists for `lifetime` seconds.`secure`booltrueOnly send cookie over HTTPS.`httpOnly`booltruePrevent JavaScript access to session cookie.`sameSite`string'Strict'CSRF protection level: 'Strict', 'Lax', or 'None'.`path`string'/'Cookie path.`domain`string''Cookie domain.`useStrictMode`booltrueReject uninitialized session IDs.`useCookiesOnly`booltruePrevent session ID from being passed via URL.Security Features ----------------- [](#security-features) ### Session Timeout [](#session-timeout) Sessions automatically expire after a period of inactivity (default 30 minutes): ``` // Check if session has expired if ($session->isExpired()) { // Handle expired session } // Get last activity timestamp $lastActivity = $session->getLastActivity(); // Get session creation timestamp $createdAt = $session->getCreatedAt(); ``` ### Session Integrity [](#session-integrity) Sessions are validated against: - User's IP address - User's browser (User-Agent) - Session initiation status ### Cookie Security [](#cookie-security) Secure cookie settings: - HttpOnly flag - Secure flag (HTTPS only) - SameSite attribute - Configurable domain and path - Optional expiration on browser close Available Methods ----------------- [](#available-methods) ### Data Management [](#data-management) ``` // Get value with default fallback $value = $session->get('key', 'default'); // Set value $session->set('key', 'value'); // Check existence $exists = $session->has('key'); // Remove specific key $session->unset('key'); // Get all session data $allData = $session->all(); // Clear all data $session->clear(); ``` ### Session Management [](#session-management) ``` // Regenerate session ID $session->regenerateId(); // Destroy session completely $session->destroy(); // Get current session ID $id = $session->getCurrentId(); // Get session cookie name $name = $session->getCookieName(); // Get session save path $path = $session->getSavePath(); // Get session status $status = $session->getStatus(); // Get configured lifetime $lifetime = $session->getLifetime(); // Get session creation time $createdAt = $session->getCreatedAt(); ``` Session Status Values --------------------- [](#session-status-values) - `PHP_SESSION_DISABLED` = 0 - `PHP_SESSION_NONE` = 1 - `PHP_SESSION_ACTIVE` = 2 Development ----------- [](#development) ### Running Tests [](#running-tests) ``` composer test ``` ### Static Analysis [](#static-analysis) ``` composer analyse ``` ### Code Style [](#code-style) Check code style: ``` composer cs-check ``` Fix code style: ``` composer cs-fix ``` ### Run All Quality Checks [](#run-all-quality-checks) ``` composer quality ``` Best Practices -------------- [](#best-practices) 1. Always use HTTPS in production (`secure: true`) 2. Set appropriate lifetime values for your application 3. Consider using 'Strict' SameSite setting for better security 4. Monitor session activity using provided methods 5. Handle expired sessions appropriately 6. Use session regeneration for sensitive operations License ------- [](#license) MIT ### Health Score 37 — LowBetter than 83% of packages Maintenance70 Regular maintenance activity Popularity9 Limited adoption so far Community7 Small or concentrated contributor base Maturity52 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~125 days Total 5 Last Release 171d ago Major Versions v1.2.0 → v2.0.02025-11-28 PHP version history (2 changes)v1.0.0PHP >=7.4 v1.1.0PHP >=8.1 ### Community Maintainers ![](https://www.gravatar.com/avatar/2f29817cec408d033cd4441c8f760e3ae40248dc0f66856a09080d282aee6959?d=identicon)[Vitaliy Olos](/maintainers/Vitaliy%20Olos) --- Top Contributors [![SoloPHP](https://avatars.githubusercontent.com/u/175482616?v=4)](https://github.com/SoloPHP "SoloPHP (8 commits)") --- Tags phpsecuritysessionphp sessionsession handler ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP\_CodeSniffer Type Coverage Yes ### Embed Badge ![Health badge](/badges/solophp-session/health.svg) ``` [![Health](https://phpackages.com/badges/solophp-session/health.svg)](https://phpackages.com/packages/solophp-session) ``` ### Alternatives [asbiin/laravel-webauthn Laravel Webauthn support 309574.8k](/packages/asbiin-laravel-webauthn) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)