In our previous project, returning a view directly from the POST request when validation failed was not the best approach.
The Problem
When a user submits a login form with invalid data, the form displays error messages and redirects the user to the login page. However, if the user refreshes the page or navigates away and returns to the login page, the same error messages persist.
The Solution
To resolve this issue, we can use sessions to store errors and implement the PRG pattern. We can store errors in the $_SESSION superglobal variable and update the errors statement in create.php as:
$_SESSION['errors'] = $form->errors();
view('session/create.view.php', [ 'errors' => $_SESSION['errors'] ?? [] ]);
But even with this change, the problem still persists. To solve this we have to change return statement as :
return redirect ('/login');
l
It moves the user to login page if any error occurred but don't shows the error to user w
We then flash the $_SESSION superglobal variable to destroy the session after a short time:
$_SESSION['_flashed']['errors'] = $form->errors();
Now you can notice that the problem is solved but to refactor this code we have to add PRG method in a class
The Session Class (PRG pattern)
For refactoring, We create a new file named Core/Session.php containing a Session class that manages user sessions:
<?php namespace Core;
class Session {
public static function has($key) {
return (bool) static::get($key);
}
public static function put($key, $value) {
$_SESSION[$key] = $value;
}
public static function get($key, $default = null) {
return $_SESSION['_flash'][$key] ?? $_SESSION[$key] ?? $default;
}
public static function flash($key, $value) {
$_SESSION['_flash'][$key] = $value;
}
public static function unflash() {
unset($_SESSION['_flash']);
}
public static function flush() {
$_SESSION = [];
}
public static function destroy() {
static::flush();
session_destroy();
$params = session_get_cookie_params();
setcookie('PHPSESSID', '', time() - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
}
- The flash method stores data in the $_SESSION['_flash'] array, which is used for session flashing.
- The get method checks if there's flashed data in $_SESSION['_flash'] and returns it. If not, it returns the regular session data or the default value.
- The unflash method unsets the flashed data, making it available only for the next request.
- The PRG pattern is implemented by storing data in the session using the put method, redirecting (e.g., using return redirect('/login');), and then retrieving the data in the next request using the get method.
By using this Session class, we can implement the PRG pattern and session flashing to manage user sessions and prevent duplicate form submissions, and unwanted error message persistence.
has Method
In this file, has method returns a Boolean value indicating whether a key exists in the session:
.
public static function has($key) {
return (bool) static::get($key);
}
Refactoring the Logout Function
In function.php file, we refactor the logout function to use the Session class:
Session::destroy();
Refactoring the get Method
As the project is already working well. But We need to get refactor the get method in Core/Session.php to consolidate the code into a single statement:
public static function get($key, $default = null) {
return $_SESSION['_flash'][$key] ?? $_SESSION[$key] ?? $default;
}
A lot of refactoring is done in our today project to make it better in look ,easy to understand and to increase the performance of the code.
I hope that you have clearly understood it!.
The above is the detailed content of Session Handling with the PRG pattern and Flashing. For more information, please follow other related articles on the PHP Chinese website!
PHP Performance Tuning for High Traffic WebsitesMay 14, 2025 am 12:13 AMThesecrettokeepingaPHP-poweredwebsiterunningsmoothlyunderheavyloadinvolvesseveralkeystrategies:1)ImplementopcodecachingwithOPcachetoreducescriptexecutiontime,2)UsedatabasequerycachingwithRedistolessendatabaseload,3)LeverageCDNslikeCloudflareforservin
Dependency Injection in PHP: Code Examples for BeginnersMay 14, 2025 am 12:08 AMYou should care about DependencyInjection(DI) because it makes your code clearer and easier to maintain. 1) DI makes it more modular by decoupling classes, 2) improves the convenience of testing and code flexibility, 3) Use DI containers to manage complex dependencies, but pay attention to performance impact and circular dependencies, 4) The best practice is to rely on abstract interfaces to achieve loose coupling.
PHP Performance: is it possible to optimize the application?May 14, 2025 am 12:04 AMYes,optimizingaPHPapplicationispossibleandessential.1)ImplementcachingusingAPCutoreducedatabaseload.2)Optimizedatabaseswithindexing,efficientqueries,andconnectionpooling.3)Enhancecodewithbuilt-infunctions,avoidingglobalvariables,andusingopcodecaching
PHP Performance Optimization: The Ultimate GuideMay 14, 2025 am 12:02 AMThekeystrategiestosignificantlyboostPHPapplicationperformanceare:1)UseopcodecachinglikeOPcachetoreduceexecutiontime,2)Optimizedatabaseinteractionswithpreparedstatementsandproperindexing,3)ConfigurewebserverslikeNginxwithPHP-FPMforbetterperformance,4)
PHP Dependency Injection Container: A Quick StartMay 13, 2025 am 12:11 AMAPHPDependencyInjectionContainerisatoolthatmanagesclassdependencies,enhancingcodemodularity,testability,andmaintainability.Itactsasacentralhubforcreatingandinjectingdependencies,thusreducingtightcouplingandeasingunittesting.
Dependency Injection vs. Service Locator in PHPMay 13, 2025 am 12:10 AMSelect DependencyInjection (DI) for large applications, ServiceLocator is suitable for small projects or prototypes. 1) DI improves the testability and modularity of the code through constructor injection. 2) ServiceLocator obtains services through center registration, which is convenient but may lead to an increase in code coupling.
PHP performance optimization strategies.May 13, 2025 am 12:06 AMPHPapplicationscanbeoptimizedforspeedandefficiencyby:1)enablingopcacheinphp.ini,2)usingpreparedstatementswithPDOfordatabasequeries,3)replacingloopswitharray_filterandarray_mapfordataprocessing,4)configuringNginxasareverseproxy,5)implementingcachingwi
PHP Email Validation: Ensuring Emails Are Sent CorrectlyMay 13, 2025 am 12:06 AMPHPemailvalidationinvolvesthreesteps:1)Formatvalidationusingregularexpressionstochecktheemailformat;2)DNSvalidationtoensurethedomainhasavalidMXrecord;3)SMTPvalidation,themostthoroughmethod,whichchecksifthemailboxexistsbyconnectingtotheSMTPserver.Impl
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
Zend Studio 13.0.1
Powerful PHP integrated development environment
SublimeText3 Chinese version
Chinese version, very easy to use
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
