Thanks a lot. Let me know if you need/want any help.
Here is a CSRF protection package that uses Secure Session Middleware
- creates HTML form hidden input for CSRF token and injects it automatically to template engine
- super easy to use and manage
Session namespace support is added on this package now.
Very nice, thankās a lot. Iāll install and test tonight.
I made an Encryption service for Slim 3 (based on an old encryption class I wrote). Perhaps you can comment on it?
Mcrypt shouldnāt be used at all these days, i.e. https://paragonie.com/blog/2015/05/if-you-re-typing-word-mcrypt-into-your-code-you-re-doing-it-wrong
Dot notation is interesting idea and I just finished my class for it, can be used with any arrays, not just with Slim: https://github.com/adbario/php-dot-notation
But still thinking about this session, namespacing and dot notation, and how useful they are together. Basically namespacing is what dot notation gives you as well, and accessing all data is that way a bit easier than changing namespace first. Well, lets see
Basically namespacing is what dot notation gives you as well, and accessing all data is that way a bit easier than changing namespace first. Well, lets see
Iām sorry, but I disagree with your reasoning.
Namespacing gives you an automatic manner to separate your stuff (for the purpose of this discussion āyour stuffā is the stuff set in your Slim application) in session from the global session namespace. Yes, the same thing can be achieved by using dot notation, but that requires you to manually apply namespacing through dot notation on every session get/set.
These days we pull in lots of external package through composer some of which may use session to store data. If you namespace your slim session data, it means that this data is automatically separated from the stuff these these other packages place into session. It may seem like a trivial difference, but when tracing/debugging complex applications, this separation can be quite useful and is a welcome addition.
All IMHO of course
BTW, you write nice, clean and readable code. Nice job!
Fair points and it kind of makes sense. But at the same time, personally I never had any that kind of problems with session data, but it doesnāt mean that there couldnāt be any problems in future, so itās true that namespacing prevents that. And if you donāt need namespacing for your own app, it doesnāt matter as it works as an invisible layer.
Iāll connect dot notation and session management soon together, then it should be pretty solid and secure package for multiple uses.
Thanks for commenting!
Thanks for commenting!
Thanks for considering my arguments.
Package now has dot notation as well. Give it a try and throw some comments, if you have few minutes
Readme is pretty long now, as there are plenty of different ways to use sessions, but it should be pretty easy to follow.
Hi @RikuS
Iām sorry I havenāt gotten back to you yet but Iāve been stuck with a rush/emergency project which I need to get out of the way. Once that is done, Iāll test, comment and provide feedback.
Thanks for posting! Yes I used scalar type hinting which is not supported by PHP 5. Will fix that soon.
Package supports now fully both PHP 5 and 7.
Thank you, I hope to finally have some time to actually use your package; itās been a total madhouse for me over the past 2 weeks ā¦
Finally finding time to try to integrate all your packages (thanks!), unfortunately Iām running into a problem:
: composer require adbario/slim-csrf
Problem 1
- Installation request for adbario/slim-csrf ^1.0 -> satisfiable by adbario/slim-csrf[1.0.0].
- adbario/slim-csrf 1.0.0 requires adbario/slim-secure-session-middleware ~1.0.0 -> no matching package found.
It seems that the required version tag for slim-csrf is incompatible with the newest version of your slim-secure-session-middleware. Any chance you could cut a new package to fix this?
Thanks a lot in advance.
Hi! Yeah that was a mistake, fixed now. Thanks for posting!
Thank you, it now installs successfully. Will integrate and test tonight.