GeniXCMS

Session Class

Category: API | 31 Mar 2026

Session Management & Storage Class


The Session class is the primary state management engine for GeniXCMS. It provides a secure abstraction layer for handling user sessions, supporting both standard filesystem storage and persistent, high-performance database-backed sessions via the SessionHandlerInterface.


⚡ Core Session Operations

Session::start(int $lifetime = 1)

Initializes the session engine with custom security parameters.

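  • Security: Sets the httponly and samesite (Lax) cookie attributes. httponly keeps the session cookie out of reach of client-side scripts, which limits session theft through Cross-Site Scripting (XSS); samesite=Lax withholds the cookie from cross-site subrequests and POSTs, which limits Cross-Site Request Forgery (CSRF).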
  • Automation: Automatically groups all GeniXCMS session data under the $_SESSION['gx_sess'] namespace to avoid collisions with external modules.

Session::set($key, $value = '')

Commits data to the active session.

| Input Type | Usage | Description |
|------------|-------|-------------|
| string | Session::set('role', 'admin'); | Sets a single key-value pair. |
| array | Session::set(['A' => '1', 'B' => '2']); | Batch updates multiple session keys. |

Session::val(string $key)

Retrieves a specific value from the session namespace.

$is_authenticated = Session::val('is_logged_in');

⚙️ Persistent Database Sessions

GeniXCMS 2.0.0 supports offloading session storage to the database for improved reliability in load-balanced environments.

Configuration (inc/config/config.php)

| Constant | Default | Description |
|----------|---------|-------------|
| SESSION_DB | false | Set to true to store sessions in the sessions table. |
| SESSION_EXPIRES | 1 | The session lifetime in hours. |

🏗️ Lifecycle & Sanitation

The class implements the full SessionHandlerInterface for database interaction:

  • read() / write(): Decode serialized session data read from the sessions table and encode it when writing it back.
  • gc(int $max_lifetime): Automated Garbage Collection that purges expired sessions to maintain database performance.
  • logout(): Destroys the entire session registry, clears local variables, and invalidates the session cookie.

🛠️ Security Best Practices

  • Namespace Isolation: GeniXCMS uses the gx_sess prefix to ensure your site's authentication remains isolated from other applications on the same domain.
  • Encryption: When SESSION_DB is enabled, sensitive session data is stored in the sessions table rather than on the local filesystem, reducing the risk of local session hijacking in shared hosting environments.

Caution: Session Destruction. Calling Session::logout() is irreversible for the current request. Ensure all required data has been persisted to the database before executing a logout command.

See Also

  • User Class — How the authentication system interacts with sessions.
  • Db Class — The underlying database provider for persistent sessions.