Session Handling with the PRG pattern and Flashing
Ghulam Mujtaba
Posted on July 10, 2024
In our previous project, returning a view directly from the POST request when validation failed was not the best approach.
The Problem
When a user submits a login form with invalid data, the form displays error messages and redirects the user to the login page. However, if the user refreshes the page or navigates away and returns to the login page, the same error messages persist.
The Solution
To resolve this issue, we can use sessions to store errors and implement the PRG pattern. We can store errors in the $_SESSION
superglobal variable and update the errors statement in create.php
as:
$_SESSION['errors'] = $form->errors();
view('session/create.view.php', [ 'errors' => $_SESSION['errors'] ?? [] ]);
But even with this change, the problem still persists. To solve this we have to change return statement as :
return redirect ('/login');
l
It moves the user to login page if any error occurred but don't shows the error to user w
We then flash the $_SESSION
superglobal variable to destroy the session after a short time:
$_SESSION['_flashed']['errors'] = $form->errors();
Now you can notice that the problem is solved but to refactor this code we have to add PRG method in a class
The Session Class (PRG pattern)
For refactoring, We create a new file named Core/Session.php
containing a Session
class that manages user sessions:
<?php
namespace Core;
class Session {
public static function has($key) {
return (bool) static::get($key);
}
public static function put($key, $value) {
$_SESSION[$key] = $value;
}
public static function get($key, $default = null) {
return $_SESSION['_flash'][$key] ?? $_SESSION[$key] ?? $default;
}
public static function flash($key, $value) {
$_SESSION['_flash'][$key] = $value;
}
public static function unflash() {
unset($_SESSION['_flash']);
}
public static function flush() {
$_SESSION = [];
}
public static function destroy() {
static::flush();
session_destroy();
$params = session_get_cookie_params();
setcookie('PHPSESSID', '', time() - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
}
- The
flash
method stores data in the$_SESSION['_flash']
array, which is used for session flashing. - The
get
method checks if there's flashed data in$_SESSION['_flash']
and returns it. If not, it returns the regular session data or the default value. - The
unflash
method unsets the flashed data, making it available only for the next request. - The PRG pattern is implemented by storing data in the session using the
put
method, redirecting (e.g., usingreturn redirect('/login');
), and then retrieving the data in the next request using theget
method.
By using this Session class, we can implement the PRG pattern and session flashing to manage user sessions and prevent duplicate form submissions, and unwanted error message persistence.
has
Method
In this file, has
method returns a Boolean value indicating whether a key exists in the session:
.
public static function has($key) {
return (bool) static::get($key);
}
Refactoring the Logout Function
In function.php
file, we refactor the logout function to use the Session
class:
Session::destroy();
Refactoring the get
Method
As the project is already working well. But We need to get refactor the get
method in Core/Session.php
to consolidate the code into a single statement:
public static function get($key, $default = null) {
return $_SESSION['_flash'][$key] ?? $_SESSION[$key] ?? $default;
}
A lot of refactoring is done in our today project to make it better in look ,easy to understand and to increase the performance of the code.
I hope that you have clearly understood it!.
Posted on July 10, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.