The EuroCMS Session Core
A session is a way to store information (in variables) to be used across multiple pages.
Unlike a cookie, the information is not stored on the user's computer.
Within PHP you can set your own session handler. Our ECMS session handler secures and encrypts everything before saving it into the session. Each component has its own encryption tool that only that component can use, so data a component stores in $_SESSION is encrypted with that component's encryption key.
# If the component type is themes and the component name is Skeleton, and it saves data in the session array, like so:
$_SESSION["API_KEY"] = "1234567890";
# And accesses its data:
echo $_SESSION["API_KEY"];
# Under the hood, the sessions are saved in $_SESSION["themes"]["Skeleton"]["API_KEY"].
# If the component type is modules and the component name is users, it would only access its own data:
$_SESSION["API_KEY"] = "ABCDEFGHIJKL";
echo $_SESSION["API_KEY"];
# It would output "ABCDEFGHIJKL", because it would only be saved in its own environment.
# If, by some miracle, a hacker manages to get into an ECMS system, wants to access `$_SESSION`, and also manages to do so,
# and var_dumps everything saved in `$_SESSION`, they would only see the encrypted version of the data.
# The hacker would need to have the encryption keys to decrypt the text. ECMS has several ways to manage encryption keys (File/MariaDB/SQLite); make sure to choose the option that is best secured for your environment.
# Secured component data
array(2) {
["API_KEY"]=>
string(8) "{ENCRYPTED STRING}"
["USER_INFO"]=>
int({ENCRYPTED STRING})
}
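The behaviour described above, sketched as an added example that is not EuroCMS's own code: a wrapper that namespaces each component's data by type and name and encrypts it with that component's key. The class name ComponentSession, the use of libsodium secretbox with JSON encoding, and the plain array standing in for $_SESSION are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not EuroCMS code: ComponentSession is a hypothetical name.
final class ComponentSession
{
    private array $store;

    public function __construct(array &$store, private string $type,
                                private string $name, private string $key)
    {
        $this->store = &$store; // shared backing array, $_SESSION in a web request
    }

    public function set(string $field, mixed $value): void
    {
        // Fresh nonce per write; secretbox encrypts and authenticates the value.
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box = sodium_crypto_secretbox(json_encode($value, JSON_THROW_ON_ERROR), $nonce, $this->key);
        $this->store[$this->type][$this->name][$field] = base64_encode($nonce . $box);
    }

    public function get(string $field): mixed
    {
        $raw = base64_decode($this->store[$this->type][$this->name][$field] ?? '', true);
        $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
        if ($raw === false || strlen($raw) < $min) {
            return null; // missing or truncated entry
        }
        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $this->key);
        // Wrong key or tampered ciphertext fails authentication and yields false.
        return $plain === false ? null : json_decode($plain, true, 512, JSON_THROW_ON_ERROR);
    }
}

$session = []; // constructed stand-in for $_SESSION so the demo runs from the CLI
$theme  = new ComponentSession($session, 'themes', 'Skeleton', sodium_crypto_secretbox_keygen());
$module = new ComponentSession($session, 'modules', 'users', sodium_crypto_secretbox_keygen());
$theme->set('API_KEY', '1234567890');
$module->set('API_KEY', 'ABCDEFGHIJKL');

echo $theme->get('API_KEY'), PHP_EOL;  // each component reads back its own value
echo $module->get('API_KEY'), PHP_EOL;
var_dump($session);                    // what a raw dump of the store exposes: ciphertext only

// A component holding a different key cannot read the themes/Skeleton entry.
$other = new ComponentSession($session, 'themes', 'Skeleton', sodium_crypto_secretbox_keygen());
var_dump($other->get('API_KEY'));
```

The keys here are generated in memory for the demo; in a deployment they would come from whichever key store (File/MariaDB/SQLite) is configured, and the protection is only as strong as access control on that store.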
code
The code is hosted at: https://git.eurobytes.eu/imri/EuroCMS/src/branch/main/engine/core/core.Sessions.php