Session library with flash message support for Slim 4

Hi folks,

currently, Slim 4 doesn’t support an out-of-the-box solution for session handling and flash messages.

Sure, there are plenty of composer packages and libraries in the wild of the internet. Unfortunately, none of them has session handling combined with flash messages in an easy and simple way.

This circumstance led me to develop a PSR-15 compliant session library for Slim 4. Inspired by the slimness of the framework itself.

Packagist: https://packagist.org/packages/neoflow/session
GitHub: https://github.com/Neoflow/Session

The library requires PHP 7.4 or newer.

I’m not a professional developer with huge experience. PHP is my hobby and I develop mostly in my free time. But what are you thinking about the library? Any feedback?

Thanks,
rjgamer

I’m still a novice myself, but I check it out in my project. I’m currently using 2 packages to handle session and flash, so if it can do what needs done and reduce dependencies, great.

Thanks

Currently the library required PHP 7.4. But after my holidays, I will refactor the library to support PHP 7.2 and keep the compatibility to the required PHP version of Slim.

Any other feedbacks?

Hi @rjgamer Currently I’m using Symfony Session with the integrated Flash feature. But anyway, I would like to give some feedback

• Why do you use classmap and not PSR-4 as autoloader?
• The empty “files” array can be removed.
• A SessionInterface would be good for testing purpose.
• For exeptions a special SessionException class would be good instead of throwing a generic RuntimeException
• I’m writing unit- and integration tests for my routes. An example of how to test it would be nice.
• Maybe array_replace_recursive would be more appropriate here

PS: Good work

Thank you so much! I like your feedback and I will adapt the most of your points.

But I don’t get the 2nd last point. What example do you mean?

@odan @darkalchemy Thank you again for your response and feedback. I’ve published a new Beta-release a few minutes ago. Please take a look, if you want.

I can’t seem to get it to start the session when adding to middleware as per the instructions.

If I add session_start() to my middleware, the session is started. But, if I add $app->add(new Neoflow\Session\Middleware\SessionMiddleware()); to my middleware the session is not started. I’m assuming I am missing something.

Thanks

Thats strange. Are your sure the SessionMiddleware get handled by the dispatcher?

Check the source. When the SessionMiddleware starts, the session will be started:

There is no if/else statement which should prevent the middleware to start the session. Except the “session already started”-Exception.

Version 1.1.0 with dot-notation support released:

Best regards,
rjgamer

I’m worried, that maybe the middleware of the library doesn’t work proberly. Are there any devs which are willing to test the Session library?

I have tried to test it a little bit.

I added the middleware as follows:

$app->add(new \Neoflow\Session\Middleware\SessionMiddleware([
    'name' => 'app',
]));

Container

I got this error message:

Error: Entry “Neoflow\Session\Session” cannot be resolved: Entry “Neoflow\Session\FlashInterface” cannot be resolved:

So I added this into my config/container.php file and the error was gone:

use Neoflow\Session\Flash;
use Neoflow\Session\FlashInterface;
use Neoflow\Session\Session;
use Neoflow\Session\SessionInterface;

// ...
return [

	// ...
	
    SessionInterface::class => function (ContainerInterface $container) {
        return new Session($container->get(FlashInterface::class));
    },

    FlashInterface::class => function (ContainerInterface $container) {
        return new Flash();
    },
	
}

Twig

Twig integration doesn’t work in combination with a Twig container definition
because it requires a running session. Which should not the case when defining container
definitions.

$flash = $container->get(SessionInterface::class)->flash();
$twig->getEnvironment()->addGlobal('flash', $flash);

Fatal error: Uncaught Neoflow\Session\Exception\SessionException: Session not started yet.
in neoflow\session\src\Flash.php on line 25

Login test

For my login I have to clear all flash messages, but I could not find a clear method.

$flash->clear(); // Not working

The method names with *New() where a little confusing to me.

$flash->setNew('success', __('Login successfully'));

What I really miss is a method to start the session. To implement a secure login someone has to clear all session data and regenerate the session ID. The old session must be destroyed and started again. I would add a method start() to the session class (and interface). The SessionMiddleware could also use the start method to start the session.

Thanks for your feedback. The architecture of the session library cannot handle manual session start after the middleware was called. I would need to refactor the hole library and don’t have the motivation to do it soon.

I think I will archive and abandone the library. @odan’s session library in combination with Slim-Flash is also working well.

Don’t give up! There are so few people actively creating libraries specific to Slim and thus so few libraries to learn from.

I’m sorry to hear that. My goal was to spot the possible issues, which do not diminish your appreciated contribution. Please don’t give up.

@odan Can I use your session lib and extend it with dot notation and support for flash messages?

@rjgamer Currently I’m refactoring the odan/session library.

• All classes will be “final” by default. So extending will not be possible in the future.
• It’s planned to add support for dot notation and flash massages.
• Some classed will be dropped, like the old SessionDoublePassMiddleware
• Maybe I move to lib to selective/session

What do you think?

Great idea. Please contact me, if I can help you in my spare time.

Don’t archive or abandon your library. If you don’t have the motivation right now you might find it in the future.

You could simply add an issue to the repository and solicit pull requests from the community to address the issue. It’s a nice bit of code keep it alive.

This project is no longer maintained.

I recommend to use odan/session as session handler in combination with slim/flash as flash messages service.

But I’m working now on a new and “better” flash messages services than slim/flash. I will keep you informed in a new thread, as soon as my code is ready for the publicity (readme and tests are not ready yet).

FWIW I’ve used Aura.Session in the past with Slim projects for session management and flash messaging and felt it suited my purposes well. It hasn’t been updated in awhile but I still use it in a few older projects.