/**
* Get a new session ID that isn't assigned to any current session.
*
* @return string
*/
public function id()
{
// just return any string since the Cookie storage has no idea.
if ($this instanceof \Pimf\Session\Storages\Cookie) {
return Character::random(40);
}
// we'll find an random ID here.
do {
$session = $this->load($key = Character::random(40));
} while ($session !== null);
return $key;
}
/**
* Load the session for the current request.
*
* @param null|string $key
*/
public function load($key)
{
if ($key !== null) {
$this->session = $this->storage->load($key);
}
// If the session doesn't exist or is invalid.
if (is_null($this->session) || static::expired($this->session)) {
$this->exists = false;
$this->session = $this->storage->fresh();
}
// A CSRF token is stored in every session to protect
// the application from cross-site request
if (!$this->has(Session::CSRF)) {
$this->put(Session::CSRF, Character::random(40));
}
}
