Cookies

You may also use the \Slim\Middleware\SessionCookie middleware to persist session data in encrypted, hashed HTTP cookies. To enable the session cookie middleware, add the \Slim\Middleware\SessionCookie middleware to your Slim application:

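    <?php
    // Assumes Slim has already been loaded and its autoloader registered.
    $app = new \Slim\Slim();
    $app->add(new \Slim\Middleware\SessionCookie(array(
        'expires' => '20 minutes',           // lifetime of the session cookie
        'path' => '/',                       // cookie is sent for every path
        'domain' => null,                    // no explicit cookie domain
        'secure' => false,                   // false: cookie is not restricted to HTTPS
        'httponly' => false,                 // false: cookie is visible to client-side scripts
        'name' => 'slim_session',            // cookie name
        'secret' => 'CHANGE_ME',             // placeholder; replace with your own secret
        'cipher' => MCRYPT_RIJNDAEL_256,     // mcrypt cipher used to encrypt the data
        'cipher_mode' => MCRYPT_MODE_CBC     // mcrypt block cipher mode
    )));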

The second argument is optional; it is shown here so you can see the default middleware settings. The session cookie middleware will work seamlessly with the $_SESSION superglobal so you can easily migrate to this session storage middleware with zero changes to your application code.

If you use the session cookie middleware, you DO NOT need to start a native PHP session. The $_SESSION superglobal will still be available, and it will be persisted into an HTTP cookie via the middleware layer rather than with PHP’s native session management.

Remember, HTTP cookies are inherently limited to only 4 kilobytes of data. If your encrypted session data will exceed this length, you should instead rely on PHP’s native sessions or an alternate session store.

PLEASE NOTE: Client-side storage of session data is not recommended if you are dealing with sensitive information, even when using Slim's encrypted session cookie middleware. If you need to store sensitive information, you should encrypt and store the session information on your server.
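
The default settings listed above leave 'secure' and 'httponly' off and ship a placeholder secret. The following is an added example, not code from the Slim documentation, showing the same middleware with those three settings tightened and a rough guard for the 4 kilobyte limit. The environment variable SLIM_SESSION_SECRET, the 32-character minimum, the helper sessionFitsInCookie() and its headroom factor are assumptions made for this sketch.

```php
<?php
// Added example (not Slim's own code). Assumes Slim 2 is loaded and its
// autoloader registered. SLIM_SESSION_SECRET, the 32-character minimum and
// sessionFitsInCookie() are assumptions made for this sketch.

// Keep the secret out of source control; refuse to boot on the placeholder.
$secret = getenv('SLIM_SESSION_SECRET');
if ($secret === false || $secret === 'CHANGE_ME' || strlen($secret) < 32) {
    throw new RuntimeException('Set SLIM_SESSION_SECRET to a long random value');
}

$app = new \Slim\Slim();
$app->add(new \Slim\Middleware\SessionCookie(array(
    'expires'  => '20 minutes',
    'path'     => '/',
    'domain'   => null,
    'secure'   => true,           // default false: cookie would also travel over plain HTTP
    'httponly' => true,           // default false: cookie would be readable from page scripts
    'name'     => 'slim_session',
    'secret'   => $secret         // default 'CHANGE_ME'
    // 'cipher' and 'cipher_mode' are left at the defaults listed above
)));

// Rough guard for the 4 KB cookie limit. Encryption padding and text encoding
// inflate the payload, so compare the serialized size against a reduced budget.
// The 0.6 headroom factor is an assumption, not a figure from Slim.
function sessionFitsInCookie($session, $limit = 4096, $headroom = 0.6)
{
    return strlen(serialize($session)) <= (int) ($limit * $headroom);
}

// This hook fires inside the application, before the outer SessionCookie
// middleware saves $_SESSION into the cookie on the way out.
$app->hook('slim.after.router', function () {
    if (isset($_SESSION) && !sessionFitsInCookie($_SESSION)) {
        error_log('slim_session payload is near the 4 KB cookie limit');
    }
});
```

With 'secure' set to true the browser returns the cookie only over HTTPS, so the session will appear empty on a plain-HTTP development server.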