/** * Get a new session ID that isn't assigned to any current session. * * @return string */ public function id() { // just return any string since the Cookie storage has no idea. if ($this instanceof \Pimf\Session\Storages\Cookie) { return Character::random(40); } // we'll find an random ID here. do { $session = $this->load($key = Character::random(40)); } while ($session !== null); return $key; }
/** * Load the session for the current request. * * @param null|string $key */ public function load($key) { if ($key !== null) { $this->session = $this->storage->load($key); } // If the session doesn't exist or is invalid. if (is_null($this->session) || static::expired($this->session)) { $this->exists = false; $this->session = $this->storage->fresh(); } // A CSRF token is stored in every session to protect // the application from cross-site request if (!$this->has(Session::CSRF)) { $this->put(Session::CSRF, Character::random(40)); } }