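/**
 * Session middleware: configures PHP's session settings, starts the session and
 * attaches it to the request before handing control to the next handler.
 *
 * The session is left untouched and $next is called immediately when
 * `sessions.enabled` is falsy in config or when $req->isApi() returns true.
 *
 * @param Request  $req  incoming request; receives the session through setSession()
 * @param Response $res  response object, passed through to $next
 * @param callable $next next handler, invoked as $next($req, $res)
 *
 * @return mixed whatever $next returns (presumably a Response; confirm against callers)
 */
public function __invoke(Request $req, Response $res, callable $next)
{
    $config = $this->app['config'];

    if (!$config->get('sessions.enabled') || $req->isApi()) {
        return $next($req, $res);
    }

    $lifetime = $config->get('sessions.lifetime');
    $hostname = $config->get('app.hostname');

    // Session IDs travel in cookies only: no URL propagation, no tag rewriting.
    // Values are passed as strings so the calls also work under strict_types on
    // PHP versions where ini_set() only accepts a string value.
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_only_cookies', '1');
    ini_set('url_rewriter.tags', '');
    // Do not adopt a client-supplied session ID that the save handler does not know;
    // PHP issues a fresh ID instead. A custom driver only benefits if it implements
    // ID validation (SessionUpdateTimestampHandlerInterface::validateId).
    ini_set('session.use_strict_mode', '1');
    ini_set('session.gc_maxlifetime', (string) $lifetime);

    // Derive the session name: dots and quotes are dropped, spaces become underscores.
    // NOTE(review): any other character in `sessions.name` / `app.title` passes through
    // unchanged, while PHP expects an alphanumeric session name. Confirm the config values.
    $defaultSessionTitle = $config->get('app.title') . '-' . $hostname;
    $sessionTitle = $config->get('sessions.name', $defaultSessionTitle);
    $safeSessionTitle = str_replace(['.', ' ', "'", '"'], ['', '_', '', ''], $sessionTitle);
    session_name($safeSessionTitle);

    // Cookie: path "/", HttpOnly always, Secure only when this request is secure.
    // NOTE(review): the leading-dot domain shares the cookie with every subdomain of
    // app.hostname, and no SameSite attribute is set here. Confirm both are intended.
    session_set_cookie_params($lifetime, '/', '.' . $hostname, $req->isSecure(), true);

    // Register session_write_close as a shutdown function.
    session_register_shutdown();

    // Optional custom session handler. The class name is read from config and
    // instantiated dynamically, so `sessions.driver` must only ever come from
    // trusted configuration, never from request data.
    $class = $config->get('sessions.driver');
    if ($class) {
        $handler = new $class($this->app);
        $handler::registerHandler($handler);
    }

    session_start();

    // Re-send the session cookie with an explicit expiry and the bare hostname.
    // NOTE(review): how Utility::setCookieFixDomain treats the domain and the two
    // trailing flags is not visible in this block. Verify that it keeps HttpOnly/Secure.
    Utility::setCookieFixDomain(
        session_name(),
        session_id(),
        time() + $lifetime,
        '/',
        $hostname,
        $req->isSecure(),
        true
    );

    // Expose the newly started session on the request.
    $req->setSession($_SESSION);

    return $next($req, $res);
}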