Session Management
TinyMVC provides comprehensive session management through the Session class, offering methods to store, retrieve, check, and delete session variables, as well as regenerate and destroy sessions.
Basic Usage
// Get session instance
$session = session();
// Store data in session
$session->set('user_id', 123);
$session->set('username', 'john_doe');
// Retrieve data from session
$userId = $session->get('user_id');
$username = $session->get('username', 'guest'); // with default value
// Check if session key exists
if ($session->has('user_id')) {
    // User is logged in
}
// Remove session data
$session->delete('username');
Flash Messages
Flash messages are temporary session data that persist only until the next request.
// Set flash message
$session->flash('success', 'Your changes have been saved!');
$session->flash('error', 'Please fix the errors below.');
// Retrieve flash messages (automatically cleared after retrieval)
$successMessage = $session->getFlash('success');
$errorMessage = $session->getFlash('error', 'No errors found.');
// Check if flash message exists
if ($session->hasFlash('success')) {
    // Display success message
}
// Clear all flash messages
$session->clearFlash();
Session Security
// Regenerate session ID (prevents session fixation attacks)
$session->regenerate(true); // true = delete old session
// Get current session ID
$sessionId = $session->id();
// Destroy session (log out user)
$session->destroy();
Advanced Session Operations
// Get all session data
$allSessionData = $session->all();
// Close session early (writes data to storage)
$session->close();
// Check if session is active
if (session()->isStarted()) {
    // Session is active
}
Dependency Injection
public function updateProfile(Request $request, Session $session)
{
    $userData = $request->validate([...]);
    // Store success message in flash session
    $session->flash('success', 'Profile updated successfully!');
    return redirect('/profile');
}
Security Best Practices
- Always regenerate session ID after login to prevent session fixation
- Store minimal sensitive data in sessions
- Set appropriate session cookie parameters (secure, httponly, samesite)
- Implement proper session expiration policies
- Destroy sessions completely on logout
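The cookie flags and expiration policy from the list above, worked through as an added example that is not TinyMVC's own code. It assumes TinyMVC runs on PHP's native session extension (so session_set_cookie_params() takes effect when called before the session is started); the IDLE_TIMEOUT constant, the last_activity key and both helper functions are names chosen here, not TinyMVC conventions.

```php
<?php
// Added example, not part of the TinyMVC documentation or source.
// Assumption: TinyMVC's Session class wraps PHP's native $_SESSION handling,
// so cookie parameters set before the session starts apply to it.

const IDLE_TIMEOUT = 900; // seconds of inactivity before the session is discarded (chosen here)

// 1. Cookie flags: call this in bootstrap, before session() starts the session.
function hardenSessionCookie(): void
{
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, discarded when the browser closes
        'path'     => '/',
        'domain'   => '',       // current host only
        'secure'   => true,     // never sent over plain HTTP
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',    // not attached to cross-site POST requests
    ]);
    // Reject session IDs the server never issued; complements regenerate(true).
    ini_set('session.use_strict_mode', '1');
}

// 2. Idle timeout: call on every request that requires an authenticated user.
// Returns true while the session is still fresh; destroys a stale session
// and returns false so the caller can redirect to the login page.
function enforceIdleTimeout(Session $session, int $now): bool
{
    $last = $session->get('last_activity');   // null on the first request
    if ($last !== null && ($now - $last) > IDLE_TIMEOUT) {
        $session->destroy();                  // drops user_id and everything else
        return false;
    }
    $session->set('last_activity', $now);     // refresh the activity timestamp
    return true;
}

// Usage inside a hypothetical controller action guarding /dashboard:
//
//     if (!enforceIdleTimeout($session, time())) {
//         return redirect('/login');
//     }
```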
Full Examples
User Authentication Workflow
public function login(Request $request, Session $session)
{
    $credentials = $request->only('email', 'password');
    if (Auth::attempt($credentials)) {
        // Regenerate session to prevent fixation
        $session->regenerate(true);
        // Store user data in session
        $session->set('user_id', Auth::id());
        $session->set('user_role', Auth::user('role'));
        // Set welcome message
        $session->flash('success', 'Welcome back!');
        return redirect('/dashboard');
    }
    $session->flash('error', 'Invalid credentials');
    return back()->withInput();
}

public function logout(Session $session)
{
    // Destroy session completely
    $session->destroy();
    return redirect('/login');
}
Form Submission with Flash Messages
public function storeContactForm(Request $request, Session $session)
{
    $validated = $request->validate([
        'name'    => 'required',
        'email'   => 'required|email',
        'message' => 'required'
    ]);
    // Save to database
    Contact::create($validated);
    // Set success message
    $session->flash('success', 'Your message has been sent!');
    return redirect('/contact');
}

// In your view template:
@if (session()->hasFlash('success'))
    <div class="alert alert-success">
        {{ session()->getFlash('success') }}
    </div>
@endif