5

I am developing a PHP application just as an exercise, and I was wondering where the session creation would be more correct.

I receive the login data in a controller, then I ask my model if that user exists and if the password matches. Should this same controller handle session creation? I just can't find a good answer for this.

halfer
Ren

4 Answers

3

The session handler could be a component injected in any controller upon demand, or an application-wide singleton.

I'd go with the first approach on a medium app, and use the latter in a microframework, where there are fewer dependencies.

moonwave99
  • 1
    @tereško nothing ever should be "nothing ever". Singletons are bad we know, but if you know what you are doing, you can make a fair and little use of it - just don't abuse and let your codebase become a mess of `SomeClass::getInstance()`. – moonwave99 May 06 '13 at 23:09
  • 1
    there are two problems with that line of thinking: 1. someone will most likely have to understand your code 6 months after it was made (it might even be you), 2. that small spoonful of crap in the honey bowl makes unit testing a LOT harder – tereško May 06 '13 at 23:18
  • 1
    @tereško I agree with you - partially - but also disagree: IMHO you should not use a lot of singletons and should avoid them if possible, but if you use them you can always wrap their access in a method in the class that is using them and mock this whole method, so testing does not become an issue and you can even override or simply change the code as needed. – floriank May 06 '13 at 23:36
  • In case I create a singleton session model, would it be a good idea to receive the data from the login form in my controller, ask my login model to check the credentials and then, back in the controller, in case they match, ask the session model to store the data in a session? – Ren May 07 '13 at 00:08
  • Singletons are *bad*, because: 1) They **break the Single Responsibility Principle** 2) They introduce another form of global state. That's why Singletons should never be used. If you insist on Singletons, implement a Registry instead (as a last chance) – Yang May 08 '13 at 21:15
2

The session should be initialized the first time you utilize that storage medium.

Most likely as:

```php
namespace Mapper;

class Session 
{
    public function prepare()
    {
        session_set_cookie_params( ... ); // if needed
        session_start();
    }

    public function store(SomeInterface $object) { ... }
    public function retrieve(SomeInterface $object) { ... }
}
```

... where the `prepare()` method is called on the session instance before the factory releases it to the "general application".

Basically, from the model layer's point of view, the session is just another type of storage that you utilize with some sort of mapper. This mapper can be shared throughout the application using a factory, which makes sure that all the parts of the model layer are using the same object for abstracting the session.

Controllers should not even be aware that the session is utilized somewhere within the model layer. The only part of the model layer that controllers are aware of should be the services, through which the controller alters the state of the model layer.

tereško
  • So, in this case, this Session class should be a model, right? – Ren May 07 '13 at 00:09
  • @Renato, [model is not a class or object](http://stackoverflow.com/a/5864000/727208), it is a layer. – tereško May 07 '13 at 05:15
  • Why is `session_start()` not inside a constructor??! – Yang May 08 '13 at 21:22
  • @tereško yes, constructors should init the state and only that. But `session_start()` inits that state, so that other abstractions like (`$session->read($key)`, `$session->write(array('foo' => 'bar'))`) will work. That's the point – Yang May 09 '13 at 18:07
  • Why would you do "work" in the constructor? This only makes the whole thing untestable. Stop advertising harmful practices. – tereško May 09 '13 at 20:13
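
The layout from the answer above with the security-relevant details filled in, as an added example that is not part of the original answers or comments: the session storage sets hardened cookie parameters before `session_start()`, and a service (not the controller) rotates the session id once the credentials match, which is the step that stops a pre-login id from being reused (session fixation). `SessionStorage`, `AuthService`, `rotateId()` and the user record are hypothetical names; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);
// Added example (PHP 8+). Class names, rotateId() and the user record are hypothetical.
final class SessionStorage
{
    // Called once, before the object is handed to the rest of the application.
    public function prepare(): void
    {
        if (session_status() === PHP_SESSION_ACTIVE) {
            return;
        }
        ini_set('session.use_strict_mode', '1'); // refuse session ids the server did not issue
        session_set_cookie_params([
            'secure'   => true,   // cookie is sent over HTTPS only
            'httponly' => true,   // cookie is not readable from JavaScript
            'samesite' => 'Lax',  // cookie is withheld from cross-site subrequests
        ]);
        session_start();
    }

    public function store(string $key, mixed $value): void { $_SESSION[$key] = $value; }
    public function retrieve(string $key): mixed { return $_SESSION[$key] ?? null; }

    // Issue a fresh session id and delete the data stored under the old one.
    public function rotateId(): void { session_regenerate_id(true); }
}

final class AuthService
{
    public function __construct(private SessionStorage $session, private array $hashes) {}

    public function login(string $user, string $password): bool
    {
        $hash = $this->hashes[$user] ?? null; // username => password_hash() output
        if ($hash === null || !password_verify($password, $hash)) {
            return false; // nothing is written to the session on failure
        }
        $this->session->rotateId();           // new id at the privilege change
        $this->session->store('user', $user);
        return true;
    }
}

// Controller side: it calls the service and never touches $_SESSION itself.
$session = new SessionStorage();
$session->prepare();
$auth = new AuthService($session, ['ren' => password_hash('constructed-pass', PASSWORD_DEFAULT)]);
var_dump($auth->login('ren', 'wrong'), $auth->login('ren', 'constructed-pass'), $session->retrieve('user'));
```

Because the storage object is injected, a test can pass `AuthService` a stand-in with the same methods and no real session.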
1

If your application has a bootstrap file, you can initiate your session there. If your Session class has an autostart, then you don't have to care about it in most cases. If your MVC implements an interceptor pattern, you can create a plugin for that to initiate your session.

Creating the session in a controller produces redundant code, and one of the important principles is DRY (Don't Repeat Yourself).

Mamuz
-1

You might check out the "Front Controller" pattern that is commonly used with the MVC pattern.

From http://en.wikipedia.org/wiki/Front_Controller_pattern

  • The Front Controller Pattern is a software design pattern listed in several pattern catalogs. The pattern relates to the design of web applications. It "provides a centralized entry point for handling requests."
EToreo
  • 1
    And how is the front controller (essentially - the bootstrap process) related to dealing with sessions? – tereško May 06 '13 at 23:31