我的书签
添加书签
移除书签Sessions
Sessions
Symfony provides a session object and several utilities that you can use to store information about the user between requests.
Configuration
Sessions are provided by the HttpFoundation component, which is included in all Symfony applications, no matter how you installed it. Before using the sessions, check their default configuration:
YAML
# config/packages/framework.yamlframework:session:# enables the support of sessions in the appenabled: true# ID of the service used for session storage.# NULL means that Symfony uses PHP default session mechanismhandler_id: null# improves the security of the cookies used for sessionscookie_secure: 'auto'cookie_samesite: 'lax'
XML
<!-- config/packages/framework.xml --><?xml version="1.0" encoding="UTF-8" ?><container xmlns="http://symfony.com/schema/dic/services"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:framework="http://symfony.com/schema/dic/symfony"xsi:schemaLocation="http://symfony.com/schema/dic/serviceshttps://symfony.com/schema/dic/services/services-1.0.xsdhttp://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd"><framework:config><!--enabled: enables the support of sessions in the apphandler-id: ID of the service used for session storageNULL means that Symfony uses PHP default session mechanismcookie-secure and cookie-samesite: improves the security of the cookies used for sessions--><framework:session enabled="true"handler-id="null"cookie-secure="auto"cookie-samesite="lax"/></framework:config></container>
PHP
// config/packages/framework.phpuse Symfony\Config\FrameworkConfig;return static function (FrameworkConfig $framework) {$framework->session()// enables the support of sessions in the app->enabled(true)// ID of the service used for session storage// NULL means that Symfony uses PHP default session mechanism->handlerId(null)// improves the security of the cookies used for sessions->cookieSecure('auto')->cookieSamesite('lax');};
Setting the handler_id config option to null means that Symfony will use the native PHP session mechanism. The session metadata files will be stored outside of the Symfony application, in a directory controlled by PHP. Although this usually simplify things, some session expiration related options may not work as expected if other applications that write to the same directory have short max lifetime settings.
If you prefer, you can use the session.handler.native_file service as handler_id to let Symfony manage the sessions itself. Another useful option is save_path, which defines the directory where Symfony will store the session metadata files:
YAML
# config/packages/framework.yamlframework:session:# ...handler_id: 'session.handler.native_file'save_path: '%kernel.project_dir%/var/sessions/%kernel.environment%'
XML
<!-- config/packages/framework.xml --><?xml version="1.0" encoding="UTF-8" ?><container xmlns="http://symfony.com/schema/dic/services"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:framework="http://symfony.com/schema/dic/symfony"xsi:schemaLocation="http://symfony.com/schema/dic/serviceshttps://symfony.com/schema/dic/services/services-1.0.xsdhttp://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd"><framework:config><framework:session enabled="true"handler-id="session.handler.native_file"save-path="%kernel.project_dir%/var/sessions/%kernel.environment%"/></framework:config></container>
PHP
// config/packages/framework.phpuse Symfony\Config\FrameworkConfig;return static function (FrameworkConfig $framework) {$framework->session()// ...->handlerId('session.handler.native_file')->savePath('%kernel.project_dir%/var/sessions/%kernel.environment%');};
Check out the Symfony config reference to learn more about the other available Session configuration options. You can also store sessions in a database.
Basic Usage
The sessions is available througth the Request and the RequestStack. Symfony provides a request_stack service that is injected in your services and controllers if you type-hint an argument with Symfony\Component\HttpFoundation\RequestStack:
use Symfony\Component\HttpFoundation\RequestStack;class SomeService{private $requestStack;public function __construct(RequestStack $requestStack){$this->requestStack = $requestStack;}public function someMethod(){$session = $this->requestStack->getSession();// stores an attribute in the session for later reuse$session->set('attribute-name', 'attribute-value');// gets an attribute by name$foo = $session->get('foo');// the second argument is the value returned when the attribute doesn't exist$filters = $session->get('filters', []);// ...}}
Deprecated since version 5.3: The SessionInterface and session service were deprecated in Symfony 5.3. Instead, inject the RequestStack service to get the session object of the current request.
Stored attributes remain in the session for the remainder of that user’s session. By default, session attributes are key-value pairs managed with the Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag class.
Deprecated since version 5.3: The NamespacedAttributeBag class is deprecated since Symfony 5.3. If you need this feature, you will have to implement the class yourself.
If your application needs are complex, you may prefer to use namespaced session attributes which are managed with the Symfony\Component\HttpFoundation\Session\Attribute\NamespacedAttributeBag class. Before using them, override the session_listener service definition to build your Session object with the default AttributeBag by the NamespacedAttributeBag:
YAML
# config/services.yamlsession.factory:autoconfigure: trueclass: App\Session\SessionFactoryarguments:- '@request_stack'- '@session.storage.factory'- ['@session_listener', 'onSessionUsage']- '@session.namespacedattributebag'session.namespacedattributebag:class: Symfony\Component\HttpFoundation\Session\Attribute\NamespacedAttributeBag
XML
<!-- config/services.xml --><?xml version="1.0" encoding="UTF-8" ?><container xmlns="http://symfony.com/schema/dic/services"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://symfony.com/schema/dic/services https://symfony.com/schema/dic/services/services-1.0.xsd"><services><service id="session" class="Symfony\Component\HttpFoundation\Session\Session" public="true"><argument type="service" id="session.storage"/><argument type="service" id="session.namespacedattributebag"/><argument type="service" id="session.flash_bag"/></service><service id="session.namespacedattributebag"class="Symfony\Component\HttpFoundation\Session\Attribute\NamespacedAttributeBag"/></services></container>
PHP
// config/services.phpnamespace Symfony\Component\DependencyInjection\Loader\Configurator;use Symfony\Component\HttpFoundation\Session\Attribute\NamespacedAttributeBag;use Symfony\Component\HttpFoundation\Session\Session;return function(ContainerConfigurator $configurator) {$services = $configurator->services();$services->set('session', Session::class)->public()->args([ref('session.storage'),ref('session.namespacedattributebag'),ref('session.flash_bag'),]);$services->set('session.namespacedattributebag', NamespacedAttributeBag::class);};
Avoid Starting Sessions for Anonymous Users
Sessions are automatically started whenever you read, write or even check for the existence of data in the session. This may hurt your application performance because all users will receive a session cookie. In order to prevent that, you must completely avoid accessing the session.
More about Sessions
- Store Sessions in a Database
- Making the Locale “Sticky” during a User’s Session
- Bridge a legacy Application with Symfony Sessions
- Session Proxy Examples
This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.
