Odan/session not persisting data

Struggling with data that is not persisted to the next request.
Using Slim 4 and odan\session 6.

I’m adding session middleware to every route/request, in routes.php:

$sessionMiddleware = new SessionStartMiddleware(
    new PhpSession($sessionSettings['options'])
);

$myRoute->add($sessionMiddleware);
$myOtherRoute->add($sessionMiddleware);

Added it in the container:

PhpSession::class => DI\create()->constructor($settings['session']['options']),

So I can get it injected in my controller using the constructor:

public function __construct(
    private PhpSession $session,
) {}

Everything works. Except the data I save to the session is not showing up in the next request. Just an empty PhpSession():

$this = {\App\Auth\AuthMiddleWare} 
 session = {Odan\Session\PhpSession} 
  storage = {array[0]} 
  flash = {Odan\Session\Flash} 
   storage = {array[0]} 
   storageKey = "_flash"
  options = {array[8]} 
   id = null
   name = "app"
   lifetime = {int} 29030400
   path = null
   domain = null
   secure = false
   httponly = true
   cache_limiter = "nocache"

It’s not setting the ‘id’, is that maybe the problem?

Hi @reinier

I guess that the SessionStartMiddleware is not correctly (redundant) configured within the DI container. See here for a working example: odan/session Slim 4 Integration:

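An added example, not part of the original thread or of the odan/session documentation: one way to make the start middleware and the injected session the same object in PHP-DI, on the assumption that the empty storage came from routes.php and the container each building their own PhpSession. The settings array is constructed from the options in the question's dump, the `/counter` route is hypothetical, and the interface names are those of odan/session 6.

```php
<?php
require __DIR__ . '/vendor/autoload.php';

use DI\ContainerBuilder;
use Odan\Session\Middleware\SessionStartMiddleware;
use Odan\Session\PhpSession;
use Odan\Session\SessionInterface;
use Odan\Session\SessionManagerInterface;
use Psr\Container\ContainerInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Slim\Factory\AppFactory;

// Constructed settings: a subset of the options visible in the question's dump.
$settings = ['session' => ['options' => [
    'name' => 'app',
    'lifetime' => 29030400,
    'secure' => false, // as in the question; set to true when served over HTTPS
    'httponly' => true,
    'cache_limiter' => 'nocache',
]]];

$builder = new ContainerBuilder();
$builder->addDefinitions([
    // Built once and cached by PHP-DI, so every consumer gets this same object.
    PhpSession::class => fn () => new PhpSession($settings['session']['options']),
    SessionInterface::class => \DI\get(PhpSession::class),
    SessionManagerInterface::class => \DI\get(PhpSession::class),
    // The middleware starts and saves the shared instance, not a private copy.
    SessionStartMiddleware::class => fn (ContainerInterface $c) =>
        new SessionStartMiddleware($c->get(SessionManagerInterface::class)),
]);

AppFactory::setContainer($builder->build());
$app = AppFactory::create();

// Hypothetical route: the counter only grows across requests if the object
// fetched here is the one the middleware started for this request.
$app->get('/counter', function (ServerRequestInterface $request, ResponseInterface $response) {
    $session = $this->get(SessionInterface::class);
    $count = (int) $session->get('count', 0) + 1;
    $session->set('count', $count);
    $response->getBody()->write("count={$count}");
    return $response;
})->add(SessionStartMiddleware::class); // resolved from the container, not new'ed in routes.php

$app->run();
```

A controller that type-hints `PhpSession` in its constructor, as in the question, receives the same instance because the concrete class is the container key the two interfaces alias.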

Yes! Thank you.

Totally missed that part at the bottom of the documentation page.
I now have session and subsequently authentication working in my project :pray:

Now on to authorization :cold_sweat: Do you maybe have any recommendations for a package to implement that in Slim?


I guess with Authorization, you mean some kind of “Access control” when the user is already logged in. Well, it depends on your specific requirements, e.g., Role based or ACL.

I’m thinking RBAC. I already use some Symfony core security classes that prepare for roles and their ‘firewalls’. I need to be able to assign roles but ideally also turn on/off specific features per user. Not sure if there is a name for that kind of access.

Then you may take a look at the laminas/laminas-permissions-rbac package.
