We are moving our forum in GitHub Discussions. For questions about Phalcon v3/v4 you can visit here and for Phalcon v5 here.

cookie-less http based Session for APP API

We are working on a platform that is available for both web, and also developing an API that communicates with Mobile Apps.

The Apps does not store cookies but will rely on device ID and a token sent in the http header.

And once authenticated through a regular posted sign in form, the server will generate a unique token that among other things is returned to the APP.

The App will store the token send in the http header for all requests after this.

The token could simply store the session ID, that one would normally set in a cookie for a regular web application.

Question is, how do we make Phalcon keep state (or “session”) by reading the http token instead of the cookie based session ID ? .. both are in the http header anyway...

Here our session from the Dependency Injector: (hmm, having problems with linebreaks in the example)

$di->setShared('session',function() { $session = new Phalcon\Session\Adapter\Redis([ 'uniqueId' => 'fbx', 'host' => '', 'port' => 6379, 'persistent' => false, 'lifetime' => 604800, 'prefix' => 'fbx_' ]); $session->start(); return $session; });

You'd need to override default session service for that. It is not hard, I'll post you guide later.