Session Functions
Server-side session management for user state.
Basic Operations
session_get(key)
Get a value from the session.
Parameters
key : String - The session key
Returns
Any? - The stored value or null if not found
// Read one value; the result is null when the key is not in the session.
let user_id = session_get("user_id")
// Fall back to an empty array when no cart has been stored yet.
let cart = session_get("shopping_cart") ?? []
session_set(key, value)
Store a value in the session.
Parameters
key : String - The session key
value : Any - The value to store (must be JSON-serializable)
session_set("user_id", 123)
// Store a hash of settings; the value has to be JSON-serializable.
session_set("preferences", { "theme": "dark", "lang": "en" })
session_delete(key)
Remove a value from the session.
// Remove individual values by key.
// NOTE(review): for logout, session_destroy() is the call documented as also
// invalidating the session ID; deleting "user_id" alone is not described as doing so.
session_delete("user_id")
session_delete("temporary_data")
session_has(key)
Check if a key exists in the session.
Returns
Bool - true if the key exists
// session_has returns true when the key exists in the session.
// NOTE(review): this only shows that an id was stored; whether the account
// still exists has to be confirmed with a lookup such as User.find.
if session_has("user_id") {
// User is logged in
}
Session Management
session_destroy()
Destroy the entire session. Removes all data and invalidates the session ID.
// Logout: removes all session data and invalidates the session ID.
session_destroy()
session_regenerate()
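Generate a new session ID while preserving data. Important: Call this after login to prevent session fixation attacks. A session ID issued before authentication may already be known to someone else, so it should not remain the identifier of the authenticated session.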
// After successful login (user is the record that was just authenticated)
session_set("user_id", user["id"])
// Security: generate new session ID. The stored data, including the
// user_id written above, is preserved under the new ID.
session_regenerate() // Security: generate new session ID
Common Patterns
Authentication Flow
// Login: check the credentials, then bind the session to the user.
// Returns false for an unknown email or a failed password check, true otherwise.
fn login(email: String, password: String) -> Bool {
    let account = User.find_by_email(email)

    // Unknown email: reject before touching the password hash.
    // NOTE(review): this path skips argon2_verify, so it probably answers
    // faster than a wrong-password attempt; confirm whether that timing gap
    // matters for account enumeration. No attempt throttling is visible here.
    if !account {
        return false
    }
    if !argon2_verify(password, account["password_hash"]) {
        return false
    }

    session_set("user_id", account["id"])
    // Session fixation defence: issue a fresh session ID now that the session
    // is authenticated. session_regenerate() is documented to keep the stored data.
    session_regenerate()
    return true
}
// Check authentication: resolve the logged-in user from the session.
// Returns null when no "user_id" is stored.
fn current_user() -> Hash? {
    let stored_id = session_get("user_id")
    if !stored_id {
        return null
    }
    // NOTE(review): what User.find returns for an id that no longer exists is
    // not shown here; callers should treat a null result as "not logged in".
    return User.find(stored_id)
}
// Logout: end the session for the current user.
fn logout() {
// session_destroy() removes all session data and invalidates the session ID,
// so nothing from the authenticated session stays behind.
session_destroy()
}
Flash Messages
// Set a flash message: append it to the list kept under "_flashes".
fn flash(type: String, message: String) {
    // Start from the stored list, or an empty one on first use.
    let pending = session_get("_flashes") ?? []
    let entry = { "type": type, "message": message }
    push(pending, entry)
    // Write the list back so the new entry is stored with the session.
    // NOTE(review): if message can carry user-supplied text, escape it when
    // it is rendered; nothing here sanitises it.
    session_set("_flashes", pending)
}
// Get and clear flash messages: each message is handed out once.
// Returns an empty array when nothing is queued.
fn get_flashes() -> Array {
    let queued = session_get("_flashes") ?? []
    // Drop the stored list so the same messages are not returned again.
    session_delete("_flashes")
    return queued
}
// Usage: queue one message per call; get_flashes() later returns and clears them.
flash("success", "Account created!")
flash("error", "Invalid email address")