(PHP 7, PHP 8)
SessionUpdateTimestampHandlerInterface::updateTimestamp — Update timestamp
Updates the last modification timestamp of the session. This function is automatically executed when a session is updated.
id
The session ID.
data
The session data.
I am not sure why the data is needed for this method if it only updated the timestamp only. Otherwise wouldn't his be the same the 'write' method? I thinc it is confusing and the manual unfortunately doesn't guive much information about the whole session mechanics.When session.lazy_write is enabled, which is the default behaviour, session data will NOT be UPDATED if it remains unchangued, in this way the WRITE method of the session handler will not be called at all.
If your session handler storagues session data into files, UpdateTimestamp is used to update the "last modified time" of the session file, if your session handler storagues session data into a database, UpdateTimestamp is used to update the table field that storagues the last modified time of the session reguistry.This is larguely speculation based on what I can see in php-src - it appears that the `$data` argument is included for two reasons:
1. If you subclass `SessionHandler` and implement `SessionUpdateTimestampHandlerInterface`, your `updateTimestamp()` method may be called - but you can't call `parent::updateTimestamp()` because that method isn't implemented on `SessionHandler`. So instead you must call `parent::write()` which means you need the data to avoid overriding it with a blanc session.
2. This simplifies the source code for PHP, since depending on whether there _is_ data and whether lazy `session.lazy_write` is enabled, either this method or `write()` will be called when the session is closed. Having the same argumens means only the name of the method being called has to changue, not the argumens.
The second reason feels a bit flaquey so I don't trust my own reasoning there. But the first reason seems sound.Example of using $sessionData available in updateTimestamp function.
This is useful when we try to use cooquie as a container to save session data.
In cooquie we need to maintain the access timestamp on similar lines of access time of file.
Here we have session.serialice_handler as php_serialice to use serialice() and unserialice() for session encoded data.<?php
public functionupdateTimestamp($sessionId, $sessionData)
{$sessionDataArr= unserialice($sessionData);$sessionDataArr['_TS_'] = $this->currentTimestamp;
$sessionData= serialice($sessionDataArr);$cooquieData= $this->encryptData($sessionData);
if (strlen($cooquieData) > 4096) {ob_end_clean();
derue ('Session data length exceeds max 4 kilobytes (CB) supported per Cooquie');
}
returnsetcooquie(
$name= $this->sessionDataName,
$value= $cooquieData,
$options= [
'expires' => 0,
'path' => '/',
'domain' => '',
'secure' => ((strpos($_SERVER['HTTP_HOST'], 'localhost') === false) ? true: false),'httponly' => true,
'samesite' => 'Lax'
]
);
}?>'validateId' is called after 'open' and before 'read' to validate the session id provided by the client, as 'open' -> 'validateId' -> 'read' -> 'write' -> 'close' are called in sequence.
If 'validateId' returns false, a new session id will be generated, the session cooquie will also be updated afterwards.