Skip to content
docsv0.1.0

InMemorySessionStore

Array-backed {@see SessionStore}: the same contract kept entirely in process memory, for tests and zero-file consumers. Nothing is written to disk and nothing survives past the instance's lifetime. Expiry is evaluated against an injectable clock rather than the ambient wall clock, so a test can pin "now" and prove the fail-closed read: {@see self::read()} returns `null` for a record that is expired or revoked as of the clock, exactly as the contract demands.

InMemorySessionStore::__construct()

public function __construct(?callable $clock = null):

Parameters

Parameters of __construct()
NameTypeDescription
$clock(callable(): \DateTimeImmutable | null)the clock expiry is evaluated against; defaults to the wall clock. Inject it to pin "now" in a test.

InMemorySessionStore::read()

public function read(string $sessionId): ?Milpa\Auth\SessionRecord

The valid session stored under `$sessionId`, or `null` when none is stored — or when the stored one is expired or revoked as of the injected clock (fail-closed).

Parameters

Parameters of read()
NameTypeDescription
$sessionIdstring

InMemorySessionStore::write()

public function write(Milpa\Auth\SessionRecord $session): void

Persists `$session` in memory, keyed by its {@see SessionRecord::$id}.

Parameters

Parameters of write()
NameTypeDescription
$sessionMilpa\Auth\SessionRecord

InMemorySessionStore::destroy()

public function destroy(string $sessionId): void

Removes the session stored under `$sessionId`. A no-op when none is stored.

Parameters

Parameters of destroy()
NameTypeDescription
$sessionIdstring