comphp/session owns session state and session persistence abstractions.
- Session lifecycle: start, save, invalidate, regenerate ID.
- Session data access.
- Root and named session bags.
- Flash messages.
- Session driver contracts.
- Native PHP session integration.
- Session-specific exceptions.
- HTTP request or response objects.
- Cookie response emission outside native PHP session behavior.
- Authentication.
- Authorization.
- CSRF token generation or validation.
- Database connection management.
- Routing, controllers, templates, or UI.
comphp/httpowns request and response primitives.comphp/securityowns CSRF, authorization, password hashing, and security context behavior.comphp/authowns authentication state and identity.comphp/databaseowns database connections and queries.
Database-backed session storage should live in driver packages. A driver package should implement SessionDriverInterface and depend on the storage package it needs.
Examples:
comphp/session-comphp-databasecomphp/session-mysqldb
Keeping storage backends outside this package keeps the core API easy to understand, debug, use, and update.