Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Sessions that expire - in a user-comfy manner
Role-based session expiration/prolongation
Drupal 7's default session settings make sessions live almost indefinitely - that may present security and performance issues.
State get's round the problem by combining roles with user-activitity sensing and AJAX calls.
Sessions may still continue indefinetely for some kinds of users
- say non-logged-in visitors to your web shop.
No need to change settings in the site's settings.php file
State may effectively - if configured so on it's settings page - override the sessions settings of settings.php (since State v. 2.0).
Good bye to 'form expired'
And no visitor will ever encounter 'form expired' upon posting a form again.
State will warn the user, if the current page has hung around too long.
Set Drupal messages that survive user logout
state_set_message('Tell the user why she/he got logged out...');
Is current request a page or an AJAX request?
state_is_page_request();
State provides simple means for checking and counting requests, by type.
Safe and easy session variables
Drupal provide no means for securing against session variable collisions.
If your module or theme sets $_SESSION['my_session'] that may easily interfere with the core system or another module - using a session variable of the same name.
State provides functions for setting/getting/increasing/removing session variables like:
$_SESSION['module']['my_module'] and $_SESSION['application']['my_application']
Safe and easy cookie handing
Setting cookies using Drupals cookie domain, path etc. is overly complicated.
And conflicts may occur, if two cookies (of different sites) un-intendly use the same cookie domain.
State has simple setters and getters - PHP as well as Javascript - for working with domain-safe cookies.
The backend cookie functions/methods are also aware of cookies modified earlier in a request - normally you cannot 'see' a new cookie until next request.
For more info on session prolongation and countermeasures to form expiration,
check this technical page.
Documentation
Requirements
PHP 5.3+
Project information
- Module categories: Developer Tools, Security
18 sites report using this module- Created by jacobfriis on , updated
Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
