README

Custom PHP session handler for Nette Framework that uses MySQL database for storage.

Requirements

• nette/database 3.2+
• nette/di 3.2+
• PHP 8.2+

Installation

The preferred way to install spaze/mysql-session-handler is by using Composer:

$ composer require spaze/mysql-session-handler

Setup

After installation:

1. Create a table named sessions using SQL in sql/create.sql. The name of the table can be changed in the configuration using the tableName key, like this:

sessionHandler:
    tableName: sessions_table

1. Register the extension in your configuration file (e.g. config.neon):

	extensions:
		sessionHandler: Spaze\Session\DI\MysqlSessionHandlerExtension

Features

• For security reasons, the session id is stored in the database as an SHA-256 hash.
• Supports encrypted session storage via spaze/encryption which uses paragonie/halite which uses Sodium.
• Events that allow you, for example, to add additional columns to the session storage table.
• Multi-master replication-friendly (tested in master-master row-based replication setup).

Encrypted session storage

Follow the guide at spaze/encryption to create and configure a new encryption key.

Define a new service:

sessionEncryption: \Spaze\Encryption\Symmetric\StaticKey('session', %encryption.keys%, %encryption.activeKeyIds%)

Add the new encryption service to the session handler:

sessionHandler:
    encryptionService: @sessionEncryption

Migration from unencrypted to encrypted session storage is not (yet?) supported.

Events

onBeforeDataWrite

The event occurs before session data is written to the session table, both for a new session (when a new row is inserted) and for an existing session (when a row is updated), even if there is no change in the session data.

Additional columns

You can add a new column to the session table by calling setAdditionalData() in the event handler:

setAdditionalData(string $key, $value): void

Use it to store, for example, the user id the session belongs to. See for example this code which uses the Nette\Security\User::onLoggedIn handler to do that.

Credits

This is heavily based on MySQL Session handler by Pematon (Marián Černý & Peter Knut), thanks!