You are here

Home » API reference » Session Cache API 8

README.txt in Session Cache API 8

Same filename and directory in other branches
  1. 6 README.txt
  2. 7 README.txt
About sessions in D8
====================

When it comes to session data (aka $_SESSION data) Drupal core interacts with
the PHP runtime system session, registering with PHP the six functions
responsible for the opening, closing, reading, writing, garbage-collecting and
destroying of sessions. This happens during Drupal's bootstrap process, prior
to it even considering what to do with the HTTP request it just received.
[See drupal_session_initialize() in includes/session.inc, if you're interested]

For instance _drupal_session_read() is "... to support database-backed sessions.
It is called on every page load by PHP as it sets up $_SESSION. This is an
internal function and must not be called directly. Session data must always be
accessed via the $_SESSION super global."

Programmers save session data simply by assigning values to the super global
$_SESSION. This data is backed by Drupal's {sessions} db table, at least for
authenticated users...

When an authenticated user logs off and thus becomes anonymous their $_SESSION
gets destroyed via core's user_logout() function.

This can be a pain for programmer and end user alike as it causes a
discontinuity in the user experience in terms of the session data present before
and after logout.

The Session API module, drupal.org/project/session_api, helps. It returns as an
identifier not the internal session_id(), but instead an id it generates and
stores in a cookie on the user's computer. That cookie exists before AND after
logout. So while the PHP/Drupal-core generated $_SESSION gets destroyed, Session
API will return to the programmer an equivalent sid that is valid for both the
logged-in and logged-out situations.
Neat.

However Session API has limited scope (as it should) and does not itself
implement any storage against this "unified" sid. You have to do that yourself.
That's where the Session Cache API module comes in.

Session Cache API
=================

The Session Cache API is a super-simple two-function API for programmers to
access small amounts of user-specific "state". Examples are the user's
changing geographic location or a drop-down selection that is made upon first
visit and needs to be remembered for the remainder of the session, or beyond.

The module comes in particularly handy when anonymous session data needs to be
stored, which may or may not be viable using the standard $_SESSION way, due to
system infrastructure constraints imposed by a caching engine or web accelerator
like Varnish.

While this module was partly designed for the use-case of anonymous users and
caching engines, it is itself NOT for caching pages, nodes, menus or large
volumes of data. Nor should you use it to hold sensitive data like passwords,
as there is no encryption.

This module does one small job: help create a smooth experience for both users
and programmers when it comes to anonymous user session management.

This API is independent of the underlying session storage mechanism. In fact the
storage model does not enter the API. Instead it is selected through the
administrative UI to best suit the deployed system configuration.
The storage mechanisms available are:

 o cookie, i.e. store session on the user's computer
 o database, i.e. store session on the server, in a cache table
 o $_SESSION, i.e. store in server RAM, backed by core's {sessions} table

Both the cookie and database storage mechanisms offer a seamless user experience
across login/logout boundaries. You do not need to add Session API for this.

Administrators may switch the storage mechanism on the module's configuration
page at any time.

The $_SESSION option may be unsuitable when used in combination with a caching
engine like Varnish.
The cookie option can be a good solution, also because it distributes storage
foot print from the server to its clients.
All three mechanisms require the user to have cookies enabled in their browser.
In the first mechanism the session data itself is stored in a cookie, while in
the remaining two a smaller cookie is used to hold the key to the session data.
The database mechanism still works if cookies are disabled, except there will
be a discontinuity of the session data across login and logout.

NOTE: users who have cookies switched off will not be able to login, so are
doomed to remain anonymous AND will not have their session state remembered.

The API to read and write user session data is the same in all cases and
comprises these two functions:

  session_cache_set($bin, $data)
  session_cache_get($bin)

$data may be a number or string, an object, a multi-dimensional array etc.
$bin is the identifier you choose for the data you want to store. To guarantee
uniqueness, you could prefix it with the name of the module that you use this
API with.

Cookies and database session caches created through this API expire after a
UI-configurable number of hours or days. $_SESSIONs expire according to the
global configuration -- see the comments in sites/default/files/default.settings.php.

Programmers can add their own variations of the available storage mechanisms by
implementing:

  hook_session_cache_set($storage_method, $bin, $data);
  hook_session_cache_get($storage_method, $bin);

For instance you could store sessions on the file system. session_cache_file is
one implementation.

You make your storage mechanism selectable through the existing admin UI by
implementing:

  hook_form_session_cache_settings_alter(&$form, &$form_state)

and adding your mechanism description to the option list.
See session_cache_file.module for an example.

                                    * * *

File

README.txt
View source 
  1. 

  2. About sessions in D8

  3. ====================

  4. 

  5. When it comes to session data (aka $_SESSION data) Drupal core interacts with

  6. the PHP runtime system session, registering with PHP the six functions

  7. responsible for the opening, closing, reading, writing, garbage-collecting and

  8. destroying of sessions. This happens during Drupal's bootstrap process, prior

  9. to it even considering what to do with the HTTP request it just received.

  10. [See drupal_session_initialize() in includes/session.inc, if you're interested]

  11. 

  12. For instance _drupal_session_read() is "... to support database-backed sessions.

  13. It is called on every page load by PHP as it sets up $_SESSION. This is an

  14. internal function and must not be called directly. Session data must always be

  15. accessed via the $_SESSION super global."

  16. 

  17. Programmers save session data simply by assigning values to the super global

  18. $_SESSION. This data is backed by Drupal's {sessions} db table, at least for

  19. authenticated users...

  20. 

  21. When an authenticated user logs off and thus becomes anonymous their $_SESSION

  22. gets destroyed via core's user_logout() function.

  23. 

  24. This can be a pain for programmer and end user alike as it causes a

  25. discontinuity in the user experience in terms of the session data present before

  26. and after logout.

  27. 

  28. The Session API module, drupal.org/project/session_api, helps. It returns as an

  29. identifier not the internal session_id(), but instead an id it generates and

  30. stores in a cookie on the user's computer. That cookie exists before AND after

  31. logout. So while the PHP/Drupal-core generated $_SESSION gets destroyed, Session

  32. API will return to the programmer an equivalent sid that is valid for both the

  33. logged-in and logged-out situations.

  34. Neat.

  35. 

  36. However Session API has limited scope (as it should) and does not itself

  37. implement any storage against this "unified" sid. You have to do that yourself.

  38. That's where the Session Cache API module comes in.

  39. 

  40. Session Cache API

  41. =================

  42. 

  43. The Session Cache API is a super-simple two-function API for programmers to

  44. access small amounts of user-specific "state". Examples are the user's

  45. changing geographic location or a drop-down selection that is made upon first

  46. visit and needs to be remembered for the remainder of the session, or beyond.

  47. 

  48. The module comes in particularly handy when anonymous session data needs to be

  49. stored, which may or may not be viable using the standard $_SESSION way, due to

  50. system infrastructure constraints imposed by a caching engine or web accelerator

  51. like Varnish.

  52. 

  53. While this module was partly designed for the use-case of anonymous users and

  54. caching engines, it is itself NOT for caching pages, nodes, menus or large

  55. volumes of data. Nor should you use it to hold sensitive data like passwords,

  56. as there is no encryption.

  57. 

  58. This module does one small job: help create a smooth experience for both users

  59. and programmers when it comes to anonymous user session management.

  60. 

  61. This API is independent of the underlying session storage mechanism. In fact the

  62. storage model does not enter the API. Instead it is selected through the

  63. administrative UI to best suit the deployed system configuration.

  64. The storage mechanisms available are:

  65. 

  66.  o cookie, i.e. store session on the user's computer

  67.  o database, i.e. store session on the server, in a cache table

  68.  o $_SESSION, i.e. store in server RAM, backed by core's {sessions} table

  69. 

  70. Both the cookie and database storage mechanisms offer a seamless user experience

  71. across login/logout boundaries. You do not need to add Session API for this.

  72. 

  73. Administrators may switch the storage mechanism on the module's configuration

  74. page at any time.

  75. 

  76. The $_SESSION option may be unsuitable when used in combination with a caching

  77. engine like Varnish.

  78. The cookie option can be a good solution, also because it distributes storage

  79. foot print from the server to its clients.

  80. All three mechanisms require the user to have cookies enabled in their browser.

  81. In the first mechanism the session data itself is stored in a cookie, while in

  82. the remaining two a smaller cookie is used to hold the key to the session data.

  83. The database mechanism still works if cookies are disabled, except there will

  84. be a discontinuity of the session data across login and logout.

  85. 

  86. NOTE: users who have cookies switched off will not be able to login, so are

  87. doomed to remain anonymous AND will not have their session state remembered.

  88. 

  89. The API to read and write user session data is the same in all cases and

  90. comprises these two functions:

  91. 

  92.   session_cache_set($bin, $data)

  93.   session_cache_get($bin)

  94. 

  95. $data may be a number or string, an object, a multi-dimensional array etc.

  96. $bin is the identifier you choose for the data you want to store. To guarantee

  97. uniqueness, you could prefix it with the name of the module that you use this

  98. API with.

  99. 

  100. Cookies and database session caches created through this API expire after a

  101. UI-configurable number of hours or days. $_SESSIONs expire according to the

  102. global configuration -- see the comments in sites/default/files/default.settings.php.

  103. 

  104. Programmers can add their own variations of the available storage mechanisms by

  105. implementing:

  106. 

  107.   hook_session_cache_set($storage_method, $bin, $data);

  108.   hook_session_cache_get($storage_method, $bin);

  109. 

  110. For instance you could store sessions on the file system. session_cache_file is

  111. one implementation.

  112. 

  113. You make your storage mechanism selectable through the existing admin UI by

  114. implementing:

  115. 

  116.   hook_form_session_cache_settings_alter(&$form, &$form_state)

  117. 

  118. and adding your mechanism description to the option list.

  119. See session_cache_file.module for an example.

  120. 

  121.                                     * * *