Session Handling with the PRG pattern and Flashing

In our previous project, returning a view directly from the POST request when validation failed was not the best approach.

The Problem

When a user submits a login form with invalid data, the form displays error messages and redirects the user to the login page. However, if the user refreshes the page or navigates away and returns to the login page, the same error messages persist.

The Solution

To resolve this issue, we can use sessions to store errors and implement the PRG pattern. We can store errors in the $_SESSION superglobal variable and update the errors statement in create.php as:

$_SESSION['errors'] = $form->errors();
view('session/create.view.php', [ 'errors' => $_SESSION['errors'] ?? [] ]);

But even with this change, the problem still persists. To solve this we have to change return statement as :

return redirect ('/login');

l
It moves the user to login page if any error occurred but don't shows the error to user w
We then flash the $_SESSION superglobal variable to destroy the session after a short time:

$_SESSION['_flashed']['errors'] = $form->errors();

Now you can notice that the problem is solved but to refactor this code we have to add PRG method in a class

The Session Class (PRG pattern)

For refactoring, We create a new file named Core/Session.php containing a Session class that manages user sessions:

<?php 
namespace Core;
class Session {
    public static function has($key) {
        return (bool) static::get($key);
    }
    public static function put($key, $value) {
        $_SESSION[$key] = $value;
    }
    public static function get($key, $default = null) {
        return $_SESSION['_flash'][$key] ?? $_SESSION[$key] ?? $default;
    }
    public static function flash($key, $value) {
        $_SESSION['_flash'][$key] = $value;
    }
    public static function unflash() {
        unset($_SESSION['_flash']);
    }
    public static function flush() {
        $_SESSION = [];
    }
    public static function destroy() {
        static::flush();
        session_destroy();
        $params = session_get_cookie_params();
        setcookie('PHPSESSID', '', time() - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
    }
}

1. The flash method stores data in the $_SESSION['_flash'] array, which is used for session flashing.
2. The get method checks if there's flashed data in $_SESSION['_flash'] and returns it. If not, it returns the regular session data or the default value.
3. The unflash method unsets the flashed data, making it available only for the next request.
4. The PRG pattern is implemented by storing data in the session using the put method, redirecting (e.g., using return redirect('/login');), and then retrieving the data in the next request using the get method.

By using this Session class, we can implement the PRG pattern and session flashing to manage user sessions and prevent duplicate form submissions, and unwanted error message persistence.

has Method

In this file, has method returns a Boolean value indicating whether a key exists in the session:

. 

public static function has($key) {
    return (bool) static::get($key);
}

Refactoring the Logout Function

In function.php file, we refactor the logout function to use the Session class:

Session::destroy();

Refactoring the get Method

As the project is already working well. But We need to get refactor the get method in Core/Session.php to consolidate the code into a single statement:

public static function get($key, $default = null) {
    return $_SESSION['_flash'][$key] ?? $_SESSION[$key] ?? $default;
}

A lot of refactoring is done in our today project to make it better in look ,easy to understand and to increase the performance of the code.

I hope that you have clearly understood it!.