You may also use the \Slim\Middleware\SessionCookie middleware to persist session data in encrypted, hashed HTTP cookies. To enable the session cookie middleware, add the \Slim\Middleware\SessionCookie middleware to your Slim application:
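<?php
$app = new \Slim\Slim();
// The values below are the middleware defaults, listed for reference.
$app->add(new \Slim\Middleware\SessionCookie(array(
    'expires' => '20 minutes',
    'path' => '/',
    'domain' => null,
    'secure' => false,      // cookie is also sent over plain HTTP
    'httponly' => false,    // cookie is readable from JavaScript
    'name' => 'slim_session',
    'secret' => 'CHANGE_ME', // placeholder; replace with your own secret
    'cipher' => MCRYPT_RIJNDAEL_256,
    'cipher_mode' => MCRYPT_MODE_CBC
)));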
The settings array is optional; it is shown here so you can see the default middleware settings. The session cookie middleware will work seamlessly with the $_SESSION superglobal so you can easily migrate to this session storage middleware with zero changes to your application code.
If you use the session cookie middleware, you DO NOT need to start a native PHP session. The $_SESSION superglobal will still be available, and it will be persisted into an HTTP cookie via the middleware layer rather than with PHP’s native session management.
Remember, HTTP cookies are inherently limited to only 4 kilobytes of data. If your encrypted session data will exceed this length, you should instead rely on PHP’s native sessions or an alternate session store.
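A hardened variant of the settings shown above, as an added example rather than code from the Slim documentation: it overrides the insecure defaults (`secure`, `httponly`, the placeholder `secret`) and refuses to start when the secret is missing or weak. The Composer autoload path, the environment variable name `SLIM_SESSION_SECRET`, the helper `loadSessionSecret()` and the 32-character minimum are assumptions made for this example.

```php
<?php
// Added example (not from the Slim documentation). Assumes Slim 2 is installed
// via Composer; SLIM_SESSION_SECRET and loadSessionSecret() are hypothetical names.
require 'vendor/autoload.php';

/**
 * Read the cookie secret from the environment and reject values that would
 * make the encrypted, hashed session cookie easy to forge or decrypt.
 */
function loadSessionSecret($envName = 'SLIM_SESSION_SECRET', $minLength = 32)
{
    $secret = getenv($envName);
    if ($secret === false || $secret === '' || $secret === 'CHANGE_ME') {
        throw new RuntimeException("$envName is not set or still holds the placeholder value");
    }
    if (strlen($secret) < $minLength) {
        // 32 is an assumed minimum for this example, not a Slim requirement
        throw new RuntimeException("$envName must be at least $minLength characters long");
    }
    return $secret;
}

$app = new \Slim\Slim();
$app->add(new \Slim\Middleware\SessionCookie(array(
    'expires'     => '20 minutes',
    'path'        => '/',
    'domain'      => null,
    'secure'      => true,                 // default false: only send over HTTPS
    'httponly'    => true,                 // default false: hide from JavaScript
    'name'        => 'slim_session',
    'secret'      => loadSessionSecret(),  // never ship the 'CHANGE_ME' default
    // Same cipher settings as the defaults; these constants need PHP's mcrypt extension.
    'cipher'      => MCRYPT_RIJNDAEL_256,
    'cipher_mode' => MCRYPT_MODE_CBC
)));
```

With `secure` set to true the browser only returns the cookie over HTTPS, so the session will appear empty on plain-HTTP development hosts.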