Merge pull request #9 from byjg/1.0.3

Some Updates

Author: byjg

README.md

@@ -1,12 +1,13 @@
 # JwtSession
 
+[![Opensource ByJG](https://img.shields.io/badge/opensource-byjg.com-brightgreen.svg)](http://opensource.byjg.com)
 [![Build Status](https://travis-ci.org/byjg/jwt-session.svg?branch=master)](https://travis-ci.org/byjg/jwt-session)
 [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/byjg/jwt-session/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/byjg/jwt-session/?branch=master)
 
 JwtSession is a PHP session replacement. Instead of use FileSystem, just use JWT TOKEN. 
 The implementation following the SessionHandlerInterface.
 
-## How to use:
+# How to use:
 
 Before the session_start() use the command: 
 
@@ -18,7 +19,7 @@ session_set_save_handler($handler, true);
 
 Now, all your `$_SESSION` variable will be saved directly to a JWT Token!!
 
-## Motivation
+# Motivation
 
 The default PHP Session does not work in different servers using round robin or other algorithms.
 This occurs because PHP Session are saved by default in the file system. 
@@ -39,15 +40,15 @@ The JWT Token cannot be changed, but it can be read.
 This implementation save the JWT into a client cookie.  
 Because of this _**do not** store in the JWT Token sensible data like passwords_.
 
-## Install
+# Install
 
 ```
 composer require "byjg/jwt-session=1.0.*"
 ```
 
-## Customizations
+# Customizations
 
-### Setting the validity of JWT Token
+## Setting the validity of JWT Token
 
 ```php
 <?php
@@ -56,31 +57,33 @@ $handler = new \ByJG\Session\JwtSession('your.domain.com', 'your super secret ke
 session_set_save_handler($handler, true);
 ```
 
-### Setting the different Session Contexts
+## Setting the different Session Contexts
 
 ```php
 <?php
 $handler = new \ByJG\Session\JwtSession('your.domain.com', 'your super secret key', 20, 'MYCONTEXT');
 session_set_save_handler($handler, true);
 ```
 
-### Create the handler and replace the session handler
+## Create the handler and replace the session handler
 
 ```php
 <?php
 $handler = new \ByJG\Session\JwtSession('your.domain.com', 'your super secret key');
 $handler->replaceSessionHandler(true);
 ```
 
-### Create the handler and replace the session handler, specifying cookie domain valid for all subdomains of mydomain.com
+## Create the handler and replace the session handler, specifying cookie domain valid for all subdomains of mydomain.com
 
 ```php
 <?php
 $handler = new \ByJG\Session\JwtSession('your.domain.com', 'your super secret key', null, null, '.mydomain.com');
 $handler->replaceSessionHandler(true);
 ```
 
-### How it works
+## How it works
 
 We store a cookie named AUTH_BEARER_<context name> with the session name. The PHPSESSID cookie is still created because
-PHP create it by default but we do not use it;
+PHP create it by default but we do not use it;
+
+

_config.yml

@@ -0,0 +1,53 @@
+name: jwt-session
+
+project:
+  version: 1.0.0
+  download_url: https://github.com/byjg/jwt-session/releases
+
+license:
+  software: MIT
+  software_url: https://opensource.org/licenses/MIT
+  
+  docs: MIT
+  docs_url: https://opensource.org/licenses/MIT
+  
+git_edit_address: https://github.com/byjg/jwt-session/blob/master/
+
+links:
+  header:
+  - title: GitHub
+    url: https://github.com/byjg/jwt-session
+  - title: ByJG
+    url: https://opensource.byjg.com/
+  footer:
+  - title: GitHub
+    url: https://github.com/byjg/jwt-session
+  - title: Issues
+    url: https://github.com/byjg/jwt-session/issues
+
+ui:
+  header:
+    color1: "#080331"
+    color2: "#0033cc"
+    trianglify: true
+
+social:
+  github:
+    user: byjg
+    repo: jwt-session
+  twitter:
+    enabled: false
+    via: 
+    hash: opensourcebyjg
+    account: 
+  facebook:
+    enabled: false
+    profileUrl:
+
+analytics:
+  google: UA-130014324-1
+
+# Build settings
+markdown: kramdown
+remote_theme: allejo/jekyll-docs-theme
+

src/JwtSession.php

@@ -19,22 +19,29 @@ class JwtSession implements SessionHandlerInterface
 
     protected $cookieDomain;
 
+    protected $path = "/";
+
     /**
      * JwtSession constructor.
      *
      * @param $serverName
      * @param $secretKey
      * @param int $timeOutMinutes
      */
-    public function __construct($serverName, $secretKey, $timeOutMinutes = null, $sessionContext = null, $cookieDomain = null)
+    public function __construct($serverName, $secretKey, $timeOutMinutes = null, $sessionContext = null, $cookieDomain = null, $path = "/")
     {
         $this->serverName = $serverName;
         $this->secretKey = $secretKey;
         $this->timeOutMinutes = $timeOutMinutes ?: 20;
         $this->suffix = $sessionContext ?: 'default';
         $this->cookieDomain = $cookieDomain;
+        $this->path = "/";
     }
 
+    /**
+     * @param bool $startSession
+     * @throws JwtSessionException
+     */
     public function replaceSessionHandler($startSession = true)
     {
         if (session_status() != PHP_SESSION_NONE) {
@@ -78,7 +85,13 @@ public function close()
     public function destroy($session_id)
     {
         if (!headers_sent()) {
-            setcookie(self::COOKIE_PREFIX . $this->suffix, null);
+            setcookie(
+                self::COOKIE_PREFIX . $this->suffix,
+                null,
+                (time()-3000),
+                $this->path,
+                $this->cookieDomain
+            );
         }
 
         return true;
@@ -172,7 +185,15 @@ public function write($session_id, $session_data)
         $token = $jwt->generateToken($data);
 
         if (!headers_sent()) {
-            setcookie(self::COOKIE_PREFIX . $this->suffix, $token, null, '/', $this->cookieDomain);
+            setcookie(
+                self::COOKIE_PREFIX . $this->suffix,
+                $token,
+                (time()+$this->timeOutMinutes*60) ,
+                $this->path,
+                $this->cookieDomain,
+                false,
+                true
+            );
             if (defined("SETCOOKIE_FORTEST")) {
                 $_COOKIE[self::COOKIE_PREFIX . $this->suffix] = $token;
             }