Merge pull request #3 from byjg/1.0.1

1.0.1
byjg · Mar 20, 2018 · b12db86 · b12db86
2 parents aeec8b4 + 50ceef2
commit b12db86
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -29,6 +29,9 @@ To avoid this you have to create REDIS/MEMCACHED clusters.
 But if you save the session into JWT Token you do not need to create a new server.
 Just to use. 
 
+You can read more in this Codementor's article: 
+[Using JSON Web Token (JWT) as a PHP Session](https://www.codementor.io/byjg/using-json-web-token-jwt-as-a-php-session-axeuqbg1m)
+
 ## Security Information
 
 The JWT Token cannot be changed, but it can be read. 
@@ -68,6 +71,14 @@ $handler = new \ByJG\Session\JwtSession('your.domain.com', 'your super secret ke
 $handler->replaceSessionHandler(true);
 ```
 
+### Create the handler and replace the session handler, specifying cookie domain valid for all subdomains of mydomain.com
+
+```php
+<?php
+$handler = new \ByJG\Session\JwtSession('your.domain.com', 'your super secret key', null, null, '.mydomain.com');
+$handler->replaceSessionHandler(true);
+```
+
 ### How it works
 
 We store a cookie named AUTH_BEARER_<context name> with the session name. The PHPSESSID cookie is still created because

diff --git a/src/JwtSession.php b/src/JwtSession.php
@@ -1,9 +1,4 @@
 <?php
-/**
- * User: jg
- * Date: 14/02/17
- * Time: 12:52
- */
 
 namespace ByJG\Session;
 
@@ -22,19 +17,22 @@ class JwtSession implements SessionHandlerInterface
 
     protected $suffix = "default";
 
+    protected $cookieDomain;
+
     /**
      * JwtSession constructor.
      *
      * @param $serverName
      * @param $secretKey
      * @param int $timeOutMinutes
      */
-    public function __construct($serverName, $secretKey, $timeOutMinutes = 20, $sessionContext = 'default')
+    public function __construct($serverName, $secretKey, $timeOutMinutes = null, $sessionContext = null, $cookieDomain = null)
     {
         $this->serverName = $serverName;
         $this->secretKey = $secretKey;
-        $this->timeOutMinutes = $timeOutMinutes;
-        $this->suffix = $sessionContext;
+        $this->timeOutMinutes = $timeOutMinutes ?: 20;
+        $this->suffix = $sessionContext ?: 'default';
+        $this->cookieDomain = $cookieDomain;
     }
 
     public function replaceSessionHandler($startSession = true)
@@ -174,7 +172,7 @@ public function write($session_id, $session_data)
         $token = $jwt->generateToken($data);
 
         if (!headers_sent()) {
-            setcookie(self::COOKIE_PREFIX . $this->suffix, $token);
+            setcookie(self::COOKIE_PREFIX . $this->suffix, $token, null, '/', $this->cookieDomain);
         }
 
         return true;

diff --git a/webtest/index.php b/webtest/index.php
@@ -7,10 +7,9 @@
     $handler->replaceSessionHandler(true);
 } else {
     echo "<H1>JWT Session is disabled</H1>";
+    session_start();
 }
 
-session_start();
-
 ?>
 
 <h1>JwtSession Demo</h1>