From e2d2bab73e85b9b0c0c094423e9a840c7aa4f733 Mon Sep 17 00:00:00 2001
From: Joao Gilberto Magalhaes
Date: Thu, 27 Sep 2018 21:27:19 -0500
Subject: [PATCH 1/4] Update issue #6
---
 src/JwtSession.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/JwtSession.php b/src/JwtSession.php
index a603b49..decedde 100644
--- a/src/JwtSession.php
+++ b/src/JwtSession.php
@@ -78,7 +78,7 @@ public function close()
 public function destroy($session_id)
 {
 if (!headers_sent()) {
- setcookie(self::COOKIE_PREFIX . $this->suffix, null);
+ setcookie(self::COOKIE_PREFIX . $this->suffix, null, (time()-3000) , '/', $this->cookieDomain);
 }
 return true;
@@ -172,7 +172,7 @@ public function write($session_id, $session_data)
 $token = $jwt->generateToken($data);
 if (!headers_sent()) {
- setcookie(self::COOKIE_PREFIX . $this->suffix, $token, null, '/', $this->cookieDomain);
+ setcookie(self::COOKIE_PREFIX . $this->suffix, $token, (time()+$this->timeOutMinutes*60) , '/', $this->cookieDomain);
 if (defined("SETCOOKIE_FORTEST")) {
 $_COOKIE[self::COOKIE_PREFIX . $this->suffix] = $token;
 }
From 628c90b643f6207c4c141389406ce04e58bba241 Mon Sep 17 00:00:00 2001
From: Joao Gilberto Magalhaes
Date: Mon, 26 Nov 2018 20:03:12 -0600
Subject: [PATCH 2/4] Update issue #8
---
 src/JwtSession.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/JwtSession.php b/src/JwtSession.php
index decedde..da4c3d2 100644
--- a/src/JwtSession.php
+++ b/src/JwtSession.php
@@ -172,7 +172,15 @@ public function write($session_id, $session_data)
 $token = $jwt->generateToken($data);
 if (!headers_sent()) {
- setcookie(self::COOKIE_PREFIX . $this->suffix, $token, (time()+$this->timeOutMinutes*60) , '/', $this->cookieDomain);
+ setcookie(
+ self::COOKIE_PREFIX . $this->suffix,
+ $token,
+ (time()+$this->timeOutMinutes*60) ,
+ '/',
+ $this->cookieDomain,
+ false,
+ true
+ );
 if (defined("SETCOOKIE_FORTEST")) {
 $_COOKIE[self::COOKIE_PREFIX . $this->suffix] = $token;
 }
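Review bot: In the expanded `setcookie()` call of PATCH 2/4 (`write()`), the sixth argument, `$secure`, is hard-coded to `false`, so the cookie that carries the session JWT is still sent on plain-HTTP requests even though the seventh argument now sets HttpOnly. The token is a bearer credential for the session, so on a TLS-served deployment it should carry the Secure attribute. I would expose this as a constructor option stored in a new property (named here only as a suggestion, `$this->cookieSecure`) and pass it in place of `false,`; an explicit option is more reliable behind a TLS-terminating proxy than inferring the scheme from `$_SERVER['HTTPS']`. `write()` begins and ends outside this hunk.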
From cc1bc95227d0d59163a59f1409b154c0176ca126 Mon Sep 17 00:00:00 2001
From: Joao Gilberto Magalhaes
Date: Mon, 26 Nov 2018 20:07:06 -0600
Subject: [PATCH 3/4] Update issue #7
---
 src/JwtSession.php | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/JwtSession.php b/src/JwtSession.php
index da4c3d2..7979e00 100644
--- a/src/JwtSession.php
+++ b/src/JwtSession.php
@@ -19,6 +19,8 @@ class JwtSession implements SessionHandlerInterface
 protected $cookieDomain;
+ protected $path = "/";
+
 /**
 * JwtSession constructor.
 *
@@ -26,15 +28,20 @@ class JwtSession implements SessionHandlerInterface
 * @param $secretKey
 * @param int $timeOutMinutes
 */
- public function __construct($serverName, $secretKey, $timeOutMinutes = null, $sessionContext = null, $cookieDomain = null)
+ public function __construct($serverName, $secretKey, $timeOutMinutes = null, $sessionContext = null, $cookieDomain = null, $path = "/")
 {
 $this->serverName = $serverName;
 $this->secretKey = $secretKey;
 $this->timeOutMinutes = $timeOutMinutes ?: 20;
 $this->suffix = $sessionContext ?: 'default';
 $this->cookieDomain = $cookieDomain;
+ $this->path = "/";
 }
+ /**
+ * @param bool $startSession
+ * @throws JwtSessionException
+ */
 public function replaceSessionHandler($startSession = true)
 {
 if (session_status() != PHP_SESSION_NONE) {
@@ -78,7 +85,13 @@ public function close()
 public function destroy($session_id)
 {
 if (!headers_sent()) {
- setcookie(self::COOKIE_PREFIX . $this->suffix, null, (time()-3000) , '/', $this->cookieDomain);
+ setcookie(
+ self::COOKIE_PREFIX . $this->suffix,
+ null,
+ (time()-3000),
+ $this->path,
+ $this->cookieDomain
+ );
 }
 return true;
@@ -176,7 +189,7 @@ public function write($session_id, $session_data)
 self::COOKIE_PREFIX . $this->suffix,
 $token,
 (time()+$this->timeOutMinutes*60) ,
- '/',
+ $this->path,
 $this->cookieDomain,
 false,
 true
From 704a774f09b002ecfadff6b6f37376f8c624ed9d Mon Sep 17 00:00:00 2001
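Review bot: In the constructor hunk (`@@ -26,15 +28,20 @@`) the new `$path` argument is accepted but never used: the added line assigns the literal, `$this->path = "/";`, so a caller who passes a narrower path to limit where the session cookie is sent still gets a site-wide cookie from both `setcookie()` calls in `destroy()` and `write()`. The assignment should read `$this->path = $path;`. The constructor docblock, which starts above this hunk, also has no `@param` entries for `$sessionContext`, `$cookieDomain` or the new `$path`; I would add one line for each, noting that `$path` scopes the cookie.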
From: Joao Gilberto Magalhaes Date: Thu, 29 Nov 2018 22:35:58 -0600 Subject: [PATCH 4/4] Add opensource.byjg.com github page --- README.md | 23 +++++++++++++---------- _config.yml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 10 deletions(-) create mode 100644 _config.yml diff --git a/README.md b/README.md index c36456d..73875bd 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,13 @@ # JwtSession +[![Opensource ByJG](https://img.shields.io/badge/opensource-byjg.com-brightgreen.svg)](http://opensource.byjg.com) [![Build Status](https://travis-ci.org/byjg/jwt-session.svg?branch=master)](https://travis-ci.org/byjg/jwt-session) [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/byjg/jwt-session/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/byjg/jwt-session/?branch=master) JwtSession is a PHP session replacement. Instead of use FileSystem, just use JWT TOKEN. The implementation following the SessionHandlerInterface. -## How to use: +# How to use: Before the session_start() use the command: @@ -18,7 +19,7 @@ session_set_save_handler($handler, true); Now, all your `$_SESSION` variable will be saved directly to a JWT Token!! -## Motivation +# Motivation The default PHP Session does not work in different servers using round robin or other algorithms. This occurs because PHP Session are saved by default in the file system. 
@@ -39,15 +40,15 @@ The JWT Token cannot be changed, but it can be read. This implementation save the JWT into a client cookie. Because of this _**do not** store in the JWT Token sensible data like passwords_. -## Install +# Install ``` composer require "byjg/jwt-session=1.0.*" ``` -## Customizations +# Customizations -### Setting the validity of JWT Token +## Setting the validity of JWT Token ```php replaceSessionHandler(true); ``` -### Create the handler and replace the session handler, specifying cookie domain valid for all subdomains of mydomain.com +## Create the handler and replace the session handler, specifying cookie domain valid for all subdomains of mydomain.com ```php replaceSessionHandler(true); ``` -### How it works +## How it works We store a cookie named AUTH_BEARER_ with the session name. The PHPSESSID cookie is still created because -PHP create it by default but we do not use it; \ No newline at end of file +PHP create it by default but we do not use it; + + diff --git a/_config.yml b/_config.yml new file mode 100644 index 0000000..ca623c6 --- /dev/null +++ b/_config.yml 
@@ -0,0 +1,53 @@
+name: jwt-session
+
+project:
+ version: 1.0.0
+ download_url: https://github.com/byjg/jwt-session/releases
+
+license:
+ software: MIT
+ software_url: https://opensource.org/licenses/MIT
+
+ docs: MIT
+ docs_url: https://opensource.org/licenses/MIT
+
+git_edit_address: https://github.com/byjg/jwt-session/blob/master/
+
+links:
+ header:
+ - title: GitHub
+ url: https://github.com/byjg/jwt-session
+ - title: ByJG
+ url: https://opensource.byjg.com/
+ footer:
+ - title: GitHub
+ url: https://github.com/byjg/jwt-session
+ - title: Issues
+ url: https://github.com/byjg/jwt-session/issues
+
+ui:
+ header:
+ color1: "#080331"
+ color2: "#0033cc"
+ trianglify: true
+
+social:
+ github:
+ user: byjg
+ repo: jwt-session
+ twitter:
+ enabled: false
+ via:
+ hash: opensourcebyjg
+ account:
+ facebook:
+ enabled: false
+ profileUrl:
+
+analytics:
+ google: UA-130014324-1
+
+# Build settings
+markdown: kramdown
+remote_theme: allejo/jekyll-docs-theme
+