Session id handler

[dakorpar]

In some cases (api for example) we need to be able not to use cookies for reading/writing session id but rather handle session_id reading writing on our own... I already saw a few forum posts regarding that and I am also in simmiliar situation now that having such a feature is kinda a must. I could also prepare PR, but want to hear a few thoughts first....

[mabar]

You mean this one, right? https://forum.nette.org/en/34621-do-not-save-sessions-on-authorization-in-api-access

Imho all you need is to implement Nette\Security\UserStorage which would use simple array instead of session and set it as storage to user, nothing more. Maybe also create ApiUser extends Nette\Security\User and register it as a separate service so it's easier to work with.

[dakorpar]

Nope, it won't work. In most cases we have session data (yes I know api should be stateless but doesn't really work in my case) only if I can set session_id on my own I'll be able to solve this without a lot of refactoring.

[dg]

I don't understand this issue. Session ID can be set with session_id(...), isn't it?

[dakorpar]

@dg in some cases it will be regenerated by nette and that's not ideal... Also cookie will allways be sent, also not ideal...