Hi all,
Is any way to change Kirby session handler to anything else than files inside session folder (Redis maybe)?
I have an multiple servers configuration and I need csrf to be validated between different requests. I know that I can change the config of the proxy server to force the requests from same host, but I like to maintain current behavior of “distributed” requests.
Thank you!
Kirby only ships with a file storage driver at the moment, however we have designed the session implementation with a storage abstraction for exactly such use cases. But it’s currently a rather manual process as it has not been a common request.
First you need to implement your own storage class (using Redis or any other storage layer). You can find the abstracted interface in the SessionStorage class and our implementation in the FileSessionStore class.
To use the custom storage class, you then need to override the $app->sessionHandler() method and pass your own storage instance to the AutoSession class (in place of the sessions root). The method override can be done by replacing the app class.