Laravel looks to be overriding the default PHP session handler with its own implementation. I am guessing this is done in a manner of session_set_save_handler.
Laravel manually calls the read method of given handler here:
https://github.com/illuminate/session/blob/master/Store.php#L94
$this->handler->read($this->getId()
This directly calls the read method on the session handler. Let's take a DatabaseSessionHandler as an example. The method the store actually calls is just a method that seems to abide to the SessionInterface.
https://github.com/illuminate/session/blob/master/DatabaseSessionHandler.php#L86
What I don't get though it how is the automatic read() suppressed? Even though you have a custom session handler doesn't it still call read whenever you perform a session_start()?
Laravel also manually calls write() on a handler. I know when you use a set_session_save_handler that write will be called whenever your script ends. Meaning that if I were to manually call it, it would be triggered a second time when my application's lifecycle would end.
How is this being prevented?
Edit
Looks like session_set_save_handler is not used but an entire own implementation for sessions. I am wondering though, how does Laravel deal with third party packages or javascript that interacts with the session though?
stephan-v
>All comments
Please ask questions on the forums.
GrahamCampbell
on 2 Feb 2017
Related issues
PhiloNL
路
3Comments
kerbylav
路
3Comments
shopblocks
路
3Comments
felixsanz
路
3Comments
progmars
路
3Comments