SessionStore
Where sessions live — the storage seam for opaque, revocable, expiring server-side sessions. This is the package's central act of restraint: auth defines *what* it needs from storage (read a record by id, write one, destroy one) and a downstream package decides *how* — a `milpa/data` backend, Redis, a database table. Auth never reaches for a database of its own. Implementations MUST be fail-closed on read: {@see self::read()} returns `null` not only for an absent id but for any record that is no longer valid (expired or revoked), so a stale session can never resurrect an actor.
SessionStore::read()
abstract public function read(string $sessionId): ?Milpa\Auth\SessionRecordThe session stored under `$sessionId`, or `null` when none is stored — or when the stored one is no longer valid (expired or revoked). Fail-closed: an invalid session reads as absent.
Parameters
| Name | Type | Description |
|---|---|---|
| $sessionId | string |
SessionStore::write()
abstract public function write(Milpa\Auth\SessionRecord $session): voidPersists `$session`, keyed by its {@see SessionRecord::$id} — issuing a new session or replacing an existing one under the same id.
Parameters
| Name | Type | Description |
|---|---|---|
| $session | Milpa\Auth\SessionRecord |
SessionStore::destroy()
abstract public function destroy(string $sessionId): voidRemoves the session stored under `$sessionId` — the hard revocation path. A no-op when none is stored.
Parameters
| Name | Type | Description |
|---|---|---|
| $sessionId | string |