SessionHelper interface ??

[Michael Peters]

Hello,

I'm working on a class for session management that implements \SessionHandlerInterface and \SessionIdInterface as well as my own interface for things like user login, user logout, global user logout.

My motivation for the session management class is to allow it to be used by a password management class so that things like automatically regenerating session ID on successful login etc. can be done by my password management class (which does things like automatically replacing hash when needed, increasing cost parameters as a function of calendar year, etc.)

But I know session management is very dependent on use case, I like to use local SQL database with PSR-16 cache for the read function but that might not work for, say, twitter scale of web application.

So my password class instead of *requiring* my session management class is just requiring a class that implements the methods beyond PHP's session management methods so someone who wants my password management class but needs a different session management class can do so.

This is what I have so far:

public function userLogin(int $userid, $accountType = null);

public function userLogout();

public function globalUserLogout();

public function getUserID();

public function getAccountType();

I'm seriously wondering if it would be worthwhile for PHP-FIG to come up with an interface that those writing a session management class can implement (in addition to the two interfaces in PHP itself) that would make it easier for web applications to switch out one session management class for another but still have the interface defined methods like globalUserLogout defined.

For getUserID() I have it return null when a user is not logged in, and for getAccountType() I also have it return null if user is not logged in or if it is not an account with special privileges.

I know some people like to use session variables for userid and account type but since I encrypt the serialized session data, it's easier to see which user account and account types are logged in if they are separate columns in the database that has the session data.

But anyway, an interface for session management helper methods that are likely to be needed but are not part of PHP core session management might be the kind of thing PHP-FIG would address in an interface?

[Steve McDougall]

Surely Sessions are just web cache though? Would they not logically make sense to follow PSR-6 CacheInterface instead?