The Session class within the Boostack\Models\Session namespace handles user session operations in a web application.
The Session class is designed to manage user sessions, providing methods to initialize a session, retrieve and set session values, handle user login and logout, check login status, and manage CSRF protection.

To enable session management, you need to set $config['session_on'] to TRUE in the config/env.php configuration file.
Session management is done using the database and therefore requires that $config['database_on'] is set to TRUE.

Usage Example

use Boostack\Models\Session\Session;
if (empty(Session::get("current_year"))) {
    Session::set("current_year", date("Y")); // store session variable in database


The methods of the Session class that handle the login and logout of the current user are wrapped within specific methods of the Auth class. It is recommended to use the Auth class to manage these scenarios.

  • Session::get($key)
    Used to access the session information stored on the database. To access the session use this method in this way: Session::get("key").
  • Session::set($key, $value)
    This method is used to set the session information into the database.
    And the method accept parameter in this way: Session::set("key",value).
  • Session::getUserObject()
    This method is same the Auth::getUserLoggedObject method, used to obtain the current logged User object.
  • Session::getUserID()
    Used to view the current logged user id.
  • Session::loginUser($userID)
    This method update the session information that user is logged in successfully.
  • Session::logoutUser()
    This method update the session information about the user is logout successfully.
  • Session::isLoggedIn()
    Check if the user has already done the login session.
  • Session::CSRFCheckValidity($postArray, $throwException)
    Check the validity of CSRF token
  • Session::CSRFRenderHiddenField()
    Used to inject in the document dom the input with CSRF token.