API Index — Namespaces, Packages, Reports, Indices
SessionManager
in package
OpenSwoole onRequest handler for superglobals mode (App::superglobals(true)).
Invoked as a callable (via __invoke()) for every inbound HTTP request on the
worker. Responsible for:
- Resetting per-request
RequestContextstate (error/exception/shutdown stacks). - Optionally managing the PHP session lifecycle (
session_start()→ inner middleware stack →session_write_close()), gated onApp::$session_lifecycleandApp::cgiOwnsSessions(). - Wrapping the raw OpenSwoole request/response in
ZealPHP\HTTP\Request/ZealPHP\HTTP\Responseand storing them onRequestContext. - Running the per-request isolation cleanup hooks from
ext-zealphpwhencoroutine-legacymode is active (zealphp_reset_request_rtcaches,zealphp_reset_request_statics,zealphp_reset_request_class_statics).
The coroutine-mode equivalent is CoSessionManager.
Table of Contents
Properties
- $g : RequestContext
- Snapshot of the
RequestContextsingleton at construction time. - $idGenerator : string|callable
- Session ID generator: a callable or the string
'session_create_id'. - $middleware : callable
- The inner middleware callable — the PSR-15 stack entry point.
- $useCookies : bool
- Whether to read/write the session ID via cookies.
- $useOnlyCookies : bool
- Whether cookies are the only allowed transport for the session ID.
Methods
- __construct() : mixed
- Inject dependencies for the session manager.
- __invoke() : void
- Handle one inbound OpenSwoole request: set up session + context, run the middleware stack, then clean up.
- safeForFunctionIsolation() : bool
- Returns
falsewhen runningzealphp_process_state_clean()would be unsafe.
Properties
$g
Snapshot of the RequestContext singleton at construction time.
public
RequestContext
$g
$idGenerator
Session ID generator: a callable or the string 'session_create_id'.
protected
string|callable
$idGenerator
$middleware
The inner middleware callable — the PSR-15 stack entry point.
protected
callable
$middleware
$useCookies
Whether to read/write the session ID via cookies.
protected
bool
$useCookies
$useOnlyCookies
Whether cookies are the only allowed transport for the session ID.
protected
bool
$useOnlyCookies
Methods
__construct()
Inject dependencies for the session manager.
public
__construct(callable $middleware[, string|callable $idGenerator = 'session_create_id' ][, bool|null $useCookies = null ][, bool|null $useOnlyCookies = null ]) : mixed
Parameters
- $middleware : callable
-
The inner PSR-15 middleware stack entry point.
- $idGenerator : string|callable = 'session_create_id'
-
Session ID generator; defaults to
'session_create_id'. - $useCookies : bool|null = null
-
When
null, inheritssession.use_cookiesini value. - $useOnlyCookies : bool|null = null
-
When
null, inheritssession.use_only_cookiesini value.
__invoke()
Handle one inbound OpenSwoole request: set up session + context, run the middleware stack, then clean up.
public
__invoke(Request $request, Response $response) : void
Sequence (when session management is active):
- Reset per-request
RequestContextstate (error/shutdown stacks, streaming flags). - Resolve the session ID from cookie or query string; call
session_start(). - Wrap raw OpenSwoole objects in
ZealPHP\HTTP\Request/ZealPHP\HTTP\Response. - Invoke the inner middleware stack via
call_user_func($this->middleware, ...). - In the
finallyblock:session_write_close(), isolation cleanup hooks (zealphp_reset_request_rtcaches,zealphp_reset_request_statics,zealphp_reset_request_class_statics), and constant/globals cleanup.
When App::$session_lifecycle is false or App::cgiOwnsSessions() returns
true, the session lifecycle steps are skipped — context setup and cleanup
hooks still run.
Parameters
- $request : Request
-
Raw OpenSwoole request object.
- $response : Response
-
Raw OpenSwoole response object.
safeForFunctionIsolation()
Returns false when running zealphp_process_state_clean() would be unsafe.
private
static safeForFunctionIsolation() : bool
Checks registered spl_autoload callbacks: if any Composer\Autoload\ClassLoader
maps classes under App::$document_root, cleaning function/class state would
orphan those lazily-loaded classes. In that case the caller should skip the
cleanup and rely on legacy-cgi (process-isolated) mode instead.