Add Lib\Session: native session wrapper with flash data
Lib\Session (novaconium/lib/Session.php) is a thin, all-static wrapper around PHP's native session handling — get/set/has/remove plus CodeIgniter-style flash data (flash()/getFlash()): a value set now is readable on exactly the next request, then gone, for post/redirect/GET flows like the contact form's hand-rolled ?sent=1 (not refactored here — the original spec cites it as a motivating example, not a mandate). Lazy-start, same shape as the already-shipped Lib\Csrf, which the two classes can share a native session with in the same request without conflict. Flash data is a single per-request swap (snapshot last request's bucket, clear the stored one) rather than a sweep/expiry pass. Verified end-to-end across three separate HTTP requests sharing a cookie jar (not just in-process calls), confirming a flashed value survives exactly one subsequent request. Closes the "Session handling (with flash sessions)" backlog item in novaconium/ISSUES.md.
This commit is contained in:
@@ -17,6 +17,7 @@ A tiny, Hugo-flavored PHP micro-framework. Routes are directories on disk, pages
|
||||
- **Self-hosted spam prevention & form validation** — `Lib\SpamGuard`, a reusable class for any form: a CSS-hidden honeypot field plus a submission-timing check, no external CAPTCHA service, site key, or outbound API call. Pairs with `Lib\FormValidator` (accumulating required-field/email/length checks) and `Lib\Validate` (the underlying validation primitives — email, length, phone, postal/zip, spam-word checks). All three ship in `novaconium/lib/`, demonstrated on the contact form.
|
||||
- **Form security by default** — `Lib\Input`, a cleaning accessor for `$_POST`/`$_GET` (defense-in-depth against HTML/script injection, not a substitute for parameterized queries), and `Lib\Csrf`, standalone session-token CSRF protection called directly from a sidecar. Both ship in `novaconium/lib/`, wired into the contact form, `/admin/clear-cache`, and `/admin/password-hash`.
|
||||
- **SQLite/MySQL database, zero setup** — `Lib\Db`, a thin PDO wrapper (no ORM) supporting multiple named connections open at once — e.g. this site's own SQLite data plus a MySQL connection to a legacy database, usable in the same sidecar — each with its own plain-SQL migration convention, applied automatically on first use or via `php novaconium/bin/migrate.php`. SQLite data lives in a project-owned top-level `data/` directory, outside both `public/` and `novaconium/`. See `/admin/docs/database`.
|
||||
- **Sessions with flash data** — `Lib\Session`, a thin wrapper around native PHP sessions with CodeIgniter-style flash values (set now, readable on exactly the next request) for post/redirect/GET flows without a query-string flag. Lazy-start, same mechanism `Lib\Csrf` already uses. See `/admin/docs/session`.
|
||||
- **No build step, no Composer** — clone it, point Apache (or `php -S`) at `public/`, and it runs. Twig is vendored as source; see `/admin/docs/upgrading-twig` for upgrading it.
|
||||
|
||||
## Getting started
|
||||
@@ -77,12 +78,14 @@ php novaconium/bin/create-static-page.php blog/my-new-post
|
||||
|
||||
## Documentation
|
||||
|
||||
The full framework documentation — routing, sidecars, libraries, layouts, static caching, SEO, Matomo analytics, admin authentication, styling, project layout, and third-party notices — lives at `/admin/docs` on any running instance (so it travels with the code, no internet connection needed). Highlights:
|
||||
The full framework documentation — routing, sidecars, libraries, database, session, layouts, static caching, SEO, Matomo analytics, admin authentication, styling, project layout, and third-party notices — lives at `/admin/docs` on any running instance (so it travels with the code, no internet connection needed). Highlights:
|
||||
|
||||
- [Getting started](http://127.0.0.1:8000/admin/docs/getting-started)
|
||||
- [Routing](http://127.0.0.1:8000/admin/docs/routing)
|
||||
- [Sidecars](http://127.0.0.1:8000/admin/docs/sidecars)
|
||||
- [Libraries](http://127.0.0.1:8000/admin/docs/libraries)
|
||||
- [Database](http://127.0.0.1:8000/admin/docs/database)
|
||||
- [Session](http://127.0.0.1:8000/admin/docs/session)
|
||||
- [Layouts](http://127.0.0.1:8000/admin/docs/layouts)
|
||||
- [Static caching](http://127.0.0.1:8000/admin/docs/caching)
|
||||
- [SEO](http://127.0.0.1:8000/admin/docs/seo)
|
||||
|
||||
Reference in New Issue
Block a user