background preloader

Yii Session Handling

Facebook Twitter

Using Sessions. I haven’t written much about the Yii framework lately, mostly because I’ve been working night and day on the fourth edition of my “PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide” book, due out late summer 2011.

Using Sessions

So I figured I’d put together another little blurb on the Yii framework (by regularly putting out posts on Yii, it’ll be that much easier when I go to write a book on Yii later this summer). In this post, I’m going to talk about using sessions Yii-based sites (in a separate post, I’ll discuss cookies). While not at all hard, the topic, like quite a few things, is not obvious in Yii, or well documented. The first thing to know about using sessions in Yii is that you don’t have to do anything to enable them, which is to say you don’t have to invoke session_start(), as you would in a standard PHP script.

This is the behavior with Yii’s autoStart session property set to true, which is the default. And that’s all there is to it. So…what else? Session Extention. An enhaced version of CDbHttpSession which extra checks for Full Ip Address/Partial Ip Address and User Agent This extension does some extra security checks on the user IP address and User Agent.

session Extention

It is fully customizable and you can enable/disable the checks when you need. If no extra check is enabled, then the default behavior is exactly the same as the original Yii CDbHttpSession Class. Beside the configuration options provided by original Yii CDbHttpSession Class, this extension provides following 3 options: 1)compareIpBlocks- (integer) How many blocks from the ip address should be compared (defaults to 0). Requirements ¶ Yii 1.1 (checked with Yii 1.1.5) Usage ¶ You need to add MyCDbHttpSession.php file into your components directory, then edit your config file, main.php in the components area like: Be careful at the option "autoCreateSessionTable", after you create your table, set it to false.

The table structure: This class has been tested, but it would help if i can get some feedback. CHttpSession. Look up a class, method, property or event CHttpSession provides session-level data management and the related configurations.


To start the session, call open(); To complete and send out session data, call close(); To destroy the session, call destroy(). If autoStart is set true, the session will be started automatically when the application component is initialized by the application. CHttpSession can be used like an array to set and get session data.

For example, $session=new CHttpSession; $session->open(); $value1=$session['name1']; // get session variable 'name1' $value2=$session['name2']; // get session variable 'name2' foreach($session as $name=>$value) // traverse all session variables $session['name3']=$value3; // set session variable 'name3' The following configurations are available for session: See the corresponding setter and getter documentation for more information. CHttpSession can be extended to support customized session storage. Public Properties Hide inherited properties.

Arrays in session. Having several Yii apps sharing the same session, I REALLY needed a way of dividing the variables as several developers are working on the project and it would be simply impossible to make sure one wasn't overwriting data of another.

arrays in session

I decided to use objects instead of arrays though as this will allow greater flexibility in the future. Additionally, it would be possible to use an object implementing ArrayAccess if array style access becomes important. Now, for the code. Here is my modified session class : class MySession extends CHttpSession{ public function setInstance($sessionName, $className='stdClass') { if (! When I need to add a division, I declare it like so : class MyWebUser extends CWebUser{ public function afterLogin($fromCookie) { Yii::app()->session->setInstance('secretData'); Yii::app()->session['secretData']->secret = 'superSecretThing'; ... though of course this could be anywhere.