Session handling and GDPR
When coding for concrete5 you shouldn't use the
$_SESSION super global: there's the really handy
To get this object in a controller file, you can simply write this:
$session = $this->app->make('session');
If you are not in a controller, you'll need the
Application instance, for example with this code:
$app = \Concrete\Core\Support\Facade\Application::getFacadeApplication(); $session = $app->make('session');
Please note that getting the
Session instance will start the session (which implies setting a cookie on the visitors web browser).
This is not a problem if you are storing a value in the session object, but this is useless if you want to read something from the session.
Since concrete5 version 8.4.0 you can use the
SessionValidator service class to check if there's already an active session, so that you can get the
Session instance only if it's already created:
$sessionValidator = $this->app->make(\Concrete\Core\Session\SessionValidator::class); $session = $sessionValidator->hasActiveSession() ? $this->app->make('session') : null;
With the above code,
$session will be
null if there's no active session, or it will contain the
Session instance otherwise.
Since concrete5 version 8.5.1 you can also use this code (with the same result):
$session = $this->app->make(\Concrete\Core\Session\SessionValidator::class)->getActiveSession();
Once you have the
Session instance, you can use all the fancy Symfony methods of the