
byjg / jwt-session

Licence: other
JwtSession is a PHP session replacement. Instead of using the file system, it stores the session in a JWT token. The implementation follows the SessionHandlerInterface.

Programming Languages

PHP


JwtSession


JwtSession is a PHP session replacement. Instead of using the file system, it stores the session in a JWT token. The implementation follows the SessionHandlerInterface.

How to use:

Before calling session_start(), register the handler:

<?php
$sessionConfig = (new \ByJG\Session\SessionConfig('your.domain.com'))
    ->withSecret('your super base64url encoded secret key');

$handler = new \ByJG\Session\JwtSession($sessionConfig);
session_set_save_handler($handler, true);

Now all your $_SESSION variables are saved directly to a JWT token.

Secret key

Make sure that you are providing a base64url encoded key.

Motivation

The default PHP session does not work across different servers using round robin or other algorithms. This occurs because PHP sessions are saved in the file system by default.

There are implementations that can save the session to REDIS or MEMCACHED, for example. But this requires you to create a new server to store the session, and it creates a single point of failure. To avoid this you have to create REDIS/MEMCACHED clusters.

But if you save the session into a JWT token, you do not need to create a new server. Just use it.

You can read more in this Codementor article: Using JSON Web Token (JWT) as a PHP Session

Security Information

The JWT token is signed, so it cannot be changed without being rejected, but it is not encrypted and its contents can be read. This implementation saves the JWT in a client cookie.
Because of this, do not store sensitive data such as passwords in the JWT token.
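
The point above, shown with a hand-built token in plain PHP. This is an added example, not code from JwtSession; the HS256 algorithm, the helper names and the claims are assumptions made for illustration.

```php
<?php
// Added illustration in plain PHP; not code from byjg/jwt-session.
// Assumes an HS256 compact JWT; claim names and values are constructed.

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    $bin = base64_decode(strtr($txt, '-_', '+/') . $pad, true);
    if ($bin === false) {
        throw new InvalidArgumentException('not base64url');
    }
    return $bin;
}

function jwt_sign(array $claims, string $key): string {
    $head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url_encode(json_encode($claims));
    $mac  = hash_hmac('sha256', "$head.$body", $key, true);
    return "$head.$body." . b64url_encode($mac);
}

function jwt_verify(string $token, string $key): bool {
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;
    }
    $mac = hash_hmac('sha256', "$parts[0].$parts[1]", $key, true);
    try {
        return hash_equals($mac, b64url_decode($parts[2]));
    } catch (InvalidArgumentException $e) {
        return false;
    }
}

// A base64url secret (64 random bytes), decoded to the raw HMAC key.
$secret = b64url_encode(random_bytes(64));
$key    = b64url_decode($secret);
$token  = jwt_sign(['user' => 'alice', 'role' => 'user'], $key);

// Anyone holding the cookie can read the claims without the key.
[$head, $body, $sig] = explode('.', $token);
echo 'claims: ', b64url_decode($body), "\n";

// Swapping in edited claims leaves a signature that no longer matches.
$forged = b64url_encode(json_encode(['user' => 'alice', 'role' => 'admin']));
echo 'original: ', jwt_verify($token, $key) ? 'accepted' : 'rejected', "\n";
echo 'edited:   ', jwt_verify("$head.$forged.$sig", $key) ? 'accepted' : 'rejected', "\n";
```

The integrity guarantee depends entirely on the secret staying on the server; confidentiality of the claims is not provided at all.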

Install

composer require "byjg/jwt-session=2.0.*"

Setting the validity of JWT Token

<?php
$sessionConfig = (new \ByJG\Session\SessionConfig('your.domain.com'))
    ->withSecret('your super base64url encoded secret key')
    ->withTimeoutMinutes(60);   // You can use withTimeoutHours(1)

$handler = new \ByJG\Session\JwtSession($sessionConfig);
session_set_save_handler($handler, true);

Setting Different Session Contexts

<?php
$sessionConfig = (new \ByJG\Session\SessionConfig('your.domain.com'))
    ->withSecret('your super base64url encoded secret key')
    ->withSessionContext('MYCONTEXT');

$handler = new \ByJG\Session\JwtSession($sessionConfig);
session_set_save_handler($handler, true);

Create the handler and replace the session handler

<?php
$sessionConfig = (new \ByJG\Session\SessionConfig('your.domain.com'))
    ->withSecret('your super base64url encoded secret key')
    ->replaceSessionHandler();

$handler = new \ByJG\Session\JwtSession($sessionConfig);

Specify cookie domain

<?php
$sessionConfig = (new \ByJG\Session\SessionConfig('your.domain.com'))
    ->withSecret('your super base64url encoded secret key')
    ->withCookie('.mydomain.com', '/')
    ->replaceSessionHandler();

$handler = new \ByJG\Session\JwtSession($sessionConfig);

Using RSA Private/Public Keys

<?php
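// Example key pair shown inline for illustration; in a deployment, load the
// keys from a file or secret store instead of keeping them in source code.
$secret = <<<PRIVATE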
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA5PMdWRa+rUJmg6QMNAPIXa+BJVN7W0vxPN3WTK/OIv5gxgmj
2inHGGc6f90TW/to948LnqGtcD3CD9KsI55MubafwBYjcds1o9opZ0vYwwdIV80c
OVZX1IUZFTbnyyKcXeFmKt49A52haCiy4iNxcRK38tOCApjZySx/NzMDeaXuWe+1
nd3pbgYa/I8MkECa5EyabhZJPJo9fGoSZIklNnyq4TfAUSwl+KN/zjj3CXad1oDT
7XDDgMJDUu/Vxs7h3CQI9zILSYcL9zwttbLnJW1WcLlAAIaAfABtSZboznsStMnY
to01wVknXKyERFs7FLHYqKQANIvRhFTptsehowIDAQABAoIBAEkJkaQ5EE0fcKqw
K8BwMHxKn81zi1e9q1C6iEHgl8csFV03+BCB4WTUkaH2udVPJ9ZJyPArLbQvz3fS
wl1+g4V/UAksRtRslPkXgLvWQ2k8KoTwBv/3nn9Kkozk/h8chHuii0BDs30yzSn4
SdDAc9EZopsRhFklv9xgmJjYalRk02OLck73G+d6MpDqX56o2UA/lf6i9MV19KWP
HYip7CAN+i6k8gA0KPHwr76ehgQ6YHtSntkWS8RfVI8fLUB1UlT3HmLgUBNXMWkQ
ZZbvXtNOt6NtW/WIAHEYeE9jmFgrpW5jKJSLn5iGVPFZwJIZXRPyELEs9NHWkS6e
GmdzxnECgYEA8+m05B/tmeZOuMrPVJV9g+aBDcuxmW+sdLRch+ccSmx4ZNQOLVoU
klYgTZq/a1O4ENq0h2WgccNlRHdcH4sXMBvLalA/tFhZMUuA/KXWyZ1F0hBnjHVF
cj1alHCqh+9qJDGdn4mxSmrp8p0rfeWgBwlFtJEJmjjDWDCtVY+JZcsCgYEA8EuV
WF/ilgDjgC4jMCYNuO0oFGBbtNP17PuU3kh8W+joqK/nufZ3NLy1WrDIpqa9YPex
328Nnjljf5GJWSdMchAp82waLzl7FaaBTY0iyFAK4J0jfC/fVLx82+wpM3utDnh8
9x5iIboO5U7uEJ7k8X2p64GoprlKJSRmGAJ7eIkCgYEAw5IsXI3NMY0cqcbUHvoO
PehgqfMdX+3O1XSYjM+eO35lulLdWzfTLtKn7BGcUi46dCkofzfZQd5uIEukLhaU
bRqcK45UxgHg4kmsDufaJKZaCWjl3hVZrZPMQSFlWsF41bSCshzxbr3y/3lOGhA4
E+w3W+S/Uk0ZNGkzUltYy6kCgYEA0gRNeBr9z7rhG4O3j3qC3dCxCfYZ0Na8hy5v
M0PJJQ9QYTa04iyOjVItcyE1jaoHtLtoA+9syJBB7RoHIBufzcVg1Pbzf7jOYeLP
+jbTYp3Kk/vjKsQwfj/rJM+oRu3eF9qo5dbxT6btI++zVGV7lbEOFN6Sx30EV6gT
bwKkZXkCgYEAnEtN43xL8bRFybMc1ZJErjc0VocnoQxCHm7LuAtLOEUw6CwwFj9Q
GOl+GViVuDHUNQvURLn+6gg4tAemYlob912xIPaU44+lZzTMHBOJBGMJKi8WogKi
V5+cz9l31uuAgNfjL63jZPaAzKs8Zx6R3O5RuezympwijCIGWILbO2Q=
-----END RSA PRIVATE KEY-----
PRIVATE;

$public = <<<PUBLIC
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5PMdWRa+rUJmg6QMNAPI
Xa+BJVN7W0vxPN3WTK/OIv5gxgmj2inHGGc6f90TW/to948LnqGtcD3CD9KsI55M
ubafwBYjcds1o9opZ0vYwwdIV80cOVZX1IUZFTbnyyKcXeFmKt49A52haCiy4iNx
cRK38tOCApjZySx/NzMDeaXuWe+1nd3pbgYa/I8MkECa5EyabhZJPJo9fGoSZIkl
Nnyq4TfAUSwl+KN/zjj3CXad1oDT7XDDgMJDUu/Vxs7h3CQI9zILSYcL9zwttbLn
JW1WcLlAAIaAfABtSZboznsStMnYto01wVknXKyERFs7FLHYqKQANIvRhFTptseh
owIDAQAB
-----END PUBLIC KEY-----
PUBLIC;

$sessionConfig = (new \ByJG\Session\SessionConfig('example.com'))
    ->withRsaSecret($secret, $public)
    ->replaceSessionHandler();

$handler = new \ByJG\Session\JwtSession($sessionConfig);

For more details about how to create RSA public/private keys, see: https://github.com/byjg/jwt-wrapper

How it works

We store a cookie named AUTH_BEARER_ with the session name. The PHPSESSID cookie is still created because PHP creates it by default, but we do not use it.

