Alpha ZealPHP is early-stage and under active development. APIs may change between minor versions until v1.0. Feedback and bug reports welcome on GitHub.
API Index — Namespaces, Packages, Reports, Indices

CoSessionManager
in package

Per-coroutine session lifecycle manager (coroutine / superglobals(false) mode).

Registered as the OpenSwoole onRequest handler in coroutine mode. For each inbound request it:

  1. Creates a per-coroutine RequestContext (G) instance and populates $g->openswoole_request / $g->openswoole_response / $g->zealphp_request / $g->zealphp_response.
  2. Optionally starts a session (lazy — only when the client already holds a PHPSESSID cookie, unless SessionStartMiddleware is registered).
  3. Invokes the PSR-15 middleware stack ($this->middleware).
  4. Writes and closes the session in the finally block, then runs the per-request isolation resets for coroutine-legacy mode (zealphp_reset_request_rtcaches, zealphp_reset_request_statics, zealphp_reset_request_class_statics) when App::$silent_redeclare is active.

The session handler is resolved once per worker via App::resolveActiveSessionHandler() from App::$session_handler: null (default, unconfigured) → the inline file path (NOT auto-promoted to TableSessionHandler — #295 preserves the historical file default); 'table'TableSessionHandler (concurrent-safe; opt in explicitly); 'file'FileSessionHandler; 'redis'RedisSessionHandler; or any \SessionHandlerInterface instance passed directly.

IMPORTANT: do not call session_start() / session_write_close() directly — use the zeal_session_* uopz-overridden wrappers so state routes through $g->session rather than the process-wide $_SESSION.

Table of Contents

Properties

$idGenerator  : string|callable
Session-id generator: either a callable or the string name of a built-in function such as 'session_create_id'.
$middleware  : callable
The PSR-15 middleware stack entry point (wrapped as a callable).
$useCookies  : bool
Whether to read/write the session id via a cookie (session.use_cookies).
$useOnlyCookies  : bool
Whether to refuse session ids passed in query-string (session.use_only_cookies).

Methods

__construct()  : mixed
Inject the middleware stack callable and session configuration.
__invoke()  : void
Handle one HTTP request: set up RequestContext, optionally start the session, invoke the middleware stack, then close the session and run per-request isolation resets in the finally block.
safeForFunctionIsolation()  : bool
Returns true when it is safe to run zealphp_process_state_clean().

Properties

$idGenerator

Session-id generator: either a callable or the string name of a built-in function such as 'session_create_id'.

protected string|callable $idGenerator

$middleware

The PSR-15 middleware stack entry point (wrapped as a callable).

protected callable $middleware

$useCookies

Whether to read/write the session id via a cookie (session.use_cookies).

protected bool $useCookies

$useOnlyCookies

Whether to refuse session ids passed in query-string (session.use_only_cookies).

protected bool $useOnlyCookies

Methods

__construct()

Inject the middleware stack callable and session configuration.

public __construct(callable $middleware[, string|callable $idGenerator = 'session_create_id' ][, bool|null $useCookies = null ][, bool|null $useOnlyCookies = null ]) : mixed
Parameters
$middleware : callable

The PSR-15 stack entry point — called with (ZealPHP\HTTP\Request, ZealPHP\HTTP\Response).

$idGenerator : string|callable = 'session_create_id'

Session-id generator; defaults to 'session_create_id'.

$useCookies : bool|null = null

Override session.use_cookies; null reads the ini.

$useOnlyCookies : bool|null = null

Override session.use_only_cookies; null reads the ini.

__invoke()

Handle one HTTP request: set up RequestContext, optionally start the session, invoke the middleware stack, then close the session and run per-request isolation resets in the finally block.

public __invoke(Request $request, Response $response) : void

Called directly by OpenSwoole's onRequest event — do not call manually.

Parameters
$request : Request
$response : Response

safeForFunctionIsolation()

Returns true when it is safe to run zealphp_process_state_clean().

private static safeForFunctionIsolation() : bool

The cleanup is unsafe when a Composer autoloader maps classes inside App::$document_root — those lazily-loaded classes would have their statics reset while the require_once cache still considers them loaded, causing a mismatch on the next request. When such an autoloader is detected, cleanup is skipped for the whole worker.

Return values
bool
On this page