On this page
Reference
Session Validators
Session validators provide protections against session hijacking.
Http User Agent
Laminas\Session\Validator\HttpUserAgent
provides a validator to check the session
against the originally stored $_SERVER['HTTP_USER_AGENT']
variable. Validation
will fail in the event that this does not match and throws an exception in
Laminas\Session\SessionManager
after session_start()
has been called.
Basic Usage
use Laminas\Session\Validator\HttpUserAgent;
use Laminas\Session\SessionManager;
$manager = new SessionManager();
$manager->getValidatorChain()
->attach('session.validate', [new HttpUserAgent(), 'isValid']);
Remote Addr
Laminas\Session\Validator\RemoteAddr
provides a validator to check the session
against the originally stored $_SERVER['REMOTE_ADDR']
variable. Validation
will fail in the event that this does not match and throws an exception in
Laminas\Session\SessionManager
after session_start()
has been called.
Installation Requirements
The validation of the IP address depends on the laminas-http component, so be sure to have it installed before getting started:
$ composer require laminas/laminas-http
Basic Usage
use Laminas\Session\Validator\RemoteAddr;
use Laminas\Session\SessionManager;
$manager = new SessionManager();
$manager->getValidatorChain()
->attach('session.validate', [new RemoteAddr(), 'isValid']);
Custom Validators
You may want to provide your own custom validators to validate against other
items from storing a token and validating a token to other various techniques.
To create a custom validator you must implement the validation interface
Laminas\Session\Validator\ValidatorInterface
.