SessionRecord
A persisted session: the plain, storage-agnostic shape a {@see Contracts\SessionStore} reads and writes. It records who the session belongs to ({@see self::$actorId}, {@see self::$actorType}) and what it grants ({@see self::$scopes}, {@see self::$claims}), plus the lifetime facts that decide whether it may still be trusted — its {@see self::$expiresAt} and its {@see self::$revoked} flag. It carries no storage concern of its own; {@see self::toActor()} projects it back into the live {@see Actor} the policy layer authorises against. Immutable by construction.
SessionRecord::__construct()
public function __construct(string $id, string $actorId, Milpa\Auth\ActorType $actorType, DateTimeImmutable $createdAt, DateTimeImmutable $expiresAt, array $scopes = [], array $claims = [], bool $revoked = false):Parameters
| Name | Type | Description |
|---|---|---|
| $id | string | the opaque session id (the value behind the cookie/token) |
| $actorId | string | the {@see Actor::$id} this session belongs to |
| $actorType | ActorType | the {@see Actor::$type} this session belongs to |
| $createdAt | \DateTimeImmutable | when the session was issued |
| $expiresAt | \DateTimeImmutable | when the session stops being valid |
| $scopes | list<string> | the permissions the session grants its actor |
| $claims | array<string, mixed> | everything else to rehydrate onto the {@see Actor} |
| $revoked | bool | whether the session was explicitly revoked before expiry |
SessionRecord::isExpired()
public function isExpired(DateTimeImmutable $now): boolWhether this session has expired as of `$now` — true once `$now` reaches or passes {@see self::$expiresAt}. The clock is the caller's to supply, never read ambiently, so expiry is deterministic and testable.
Parameters
| Name | Type | Description |
|---|---|---|
| $now | DateTimeImmutable |
SessionRecord::isValid()
public function isValid(DateTimeImmutable $now): boolWhether this session may still be trusted as of `$now`: neither expired ({@see self::isExpired()}) nor {@see self::$revoked}. Fail-closed — anything that is not provably still valid is invalid.
Parameters
| Name | Type | Description |
|---|---|---|
| $now | DateTimeImmutable |
SessionRecord::toActor()
public function toActor(): Milpa\Auth\ActorProjects this record into the live {@see Actor} the policy layer authorises against, carrying the session's actor id, type, scopes, and claims. Validity is checked separately via {@see self::isValid()} — projecting a record does not, on its own, assert it is still good.