Zend_Session utilizes ext/session and its special $_SESSION
superglobal as the storage mechanism
for session state data. While $_SESSION
is still available in the global namespace, developers
should refrain from directly accessing it, so that Zend_Session can most effectively and securely provide its
suite of session related functionality.
If no namespace is specified when instantiating Zend_Session, all data will be transparently stored in the
'Default'
namespace. The example below demonstrates use of the 'Default'
namespace
and shows how to count the number of times a user views pages on your website, add the following code to
your ZF bootstrap area (except for the echo
):
Exemple 21.1. Counting Page Views
<?php require_once 'Zend/Session.php'; $session = new Zend_Session(); $session->numberOfPageRequests++; // this will increment for each page load. echo "Page requests this session: ", $session->numberOfPageRequests; ?>
One of the many benefits of Zend_Session is that multiple modules can use Zend_Session and be provided some level of data encapsulation. Zend_Session can be passed an optional $namespace argument in the constructor, which allows other components, modules, and developer specific code to be assured that their data is protected by a partition between data areas used by other components, modules, and developer code. Namespacing provides an effective and popular way to "secure" one a subset of your session state data against accidental changes. Namespace names are restricted to character sequences represented as non-empty PHP strings that do not begin with an underscore ('_') character. Only core components included in the Zend Framework should use namespace names starting with 'Zend_'.
Exemple 21.2. New Way: Namespaces Avoid Collisions
<?php // in the Zend-Auth component require_once 'Zend/Session.php'; $auth_session = new Zend_Session('Zend_Auth'); $auth_session->user = "myusername"; // in a web services component $web_service_session = new Zend_Session('Some_Web_Service'); $web_service_session->user = "mywebusername"; ?>
The example above achieves the same effect as the code below, except that the session objects above preserve encapsulation of session data within their respective namespaces. Various checks combined with a singleton pattern in Zend_Session_Core are responsible for enforcing the encapsulation.
Zend_Session provides the full
IteratorAggregate interface
, including support for the foreach
statement:
The usual accessors are available, via the __set(), __unset(), __isset(), and __get() magic methods. The magic methods should not be used directly, except from within a subclass of Zend_Session. Instead, use the normal operators to invoke these magic methods, such as: