codeigniter4 · michalsn · Jan 1, 2026 · Dec 11, 2025 · Dec 11, 2025 · Dec 11, 2025
diff --git a/app/Config/Session.php b/app/Config/Session.php
@@ -14,6 +14,7 @@ class Session extends BaseConfig
      * --------------------------------------------------------------------------
      *
      * The session storage driver to use:
+     * - `CodeIgniter\Session\Handlers\ArrayHandler` (for testing)
      * - `CodeIgniter\Session\Handlers\FileHandler`
      * - `CodeIgniter\Session\Handlers\DatabaseHandler`
      * - `CodeIgniter\Session\Handlers\MemcachedHandler`

diff --git a/system/Language/en/Session.php b/system/Language/en/Session.php
@@ -13,7 +13,7 @@
 
 // Session language settings
 return [
-    'missingDatabaseTable'   => '"sessionSavePath" must have the table name for the Database Session Handler to work.',
+    'missingDatabaseTable'   => 'Session: "savePath" must have the table name for the Database Session Handler to work.',
     'invalidSavePath'        => 'Session: Configured save path "{0}" is not a directory, does not exist or cannot be created.',
     'writeProtectedSavePath' => 'Session: Configured save path "{0}" is not writable by the PHP process.',
     'emptySavePath'          => 'Session: No save path configured.',

diff --git a/system/Session/Handlers/ArrayHandler.php b/system/Session/Handlers/ArrayHandler.php
@@ -21,13 +21,16 @@
  */
 class ArrayHandler extends BaseHandler
 {
+    /**
+     * @var array<string, mixed>
+     */
     protected static $cache = [];
 
     /**
      * Re-initialize existing session, or creates a new one.
      *
-     * @param string $path The path where to store/retrieve the session
-     * @param string $name The session name
+     * @param string $path The path where to store/retrieve the session.
+     * @param string $name The session name.
      */
     public function open($path, $name): bool
     {
@@ -37,7 +40,7 @@ public function open($path, $name): bool
     /**
      * Reads the session data from the session storage, and returns the results.
      *
-     * @param string $id The session ID
+     * @param string $id The session ID.
      *
      * @return false|string Returns an encoded string of the read data.
      *                      If nothing was read, it must return false.
@@ -51,8 +54,8 @@ public function read($id)
     /**
      * Writes the session data to the session storage.
      *
-     * @param string $id   The session ID
-     * @param string $data The encoded session data
+     * @param string $id   The session ID.
+     * @param string $data The encoded session data.
      */
     public function write($id, $data): bool
     {
@@ -68,9 +71,9 @@ public function close(): bool
     }
 
     /**
-     * Destroys a session
+     * Destroys a session.
      *
-     * @param string $id The session ID being destroyed
+     * @param string $id The session ID being destroyed.
      */
     public function destroy($id): bool
     {

diff --git a/system/Session/Handlers/BaseHandler.php b/system/Session/Handlers/BaseHandler.php
@@ -19,7 +19,7 @@
 use SessionHandlerInterface;
 
 /**
- * Base class for session handling
+ * Base class for session handling.
  */
 abstract class BaseHandler implements SessionHandlerInterface
 {
@@ -40,7 +40,7 @@ abstract class BaseHandler implements SessionHandlerInterface
     protected $lock = false;
 
     /**
-     * Cookie prefix
+     * Cookie prefix.
      *
      * The Config\Cookie::$prefix setting is completely ignored.
      * See https://codeigniter.com/user_guide/libraries/sessions.html#session-preferences
@@ -50,14 +50,14 @@ abstract class BaseHandler implements SessionHandlerInterface
     protected $cookiePrefix = '';
 
     /**
-     * Cookie domain
+     * Cookie domain.
      *
      * @var string
      */
     protected $cookieDomain = '';
 
     /**
-     * Cookie path
+     * Cookie path.
      *
      * @var string
      */
@@ -71,7 +71,7 @@ abstract class BaseHandler implements SessionHandlerInterface
     protected $cookieSecure = false;
 
     /**
-     * Cookie name to use
+     * Cookie name to use.
      *
      * @var string
      */
@@ -85,17 +85,17 @@ abstract class BaseHandler implements SessionHandlerInterface
     protected $matchIP = false;
 
     /**
-     * Current session ID
+     * Current session ID.
      *
      * @var string|null
      */
     protected $sessionID;
 
     /**
      * The 'save path' for the session
-     * varies between
+     * varies between.
      *
-     * @var array|string
+     * @var array<string, mixed>|string
      */
     protected $savePath;
 

diff --git a/system/Session/Handlers/DatabaseHandler.php b/system/Session/Handlers/DatabaseHandler.php
@@ -21,7 +21,7 @@
 use ReturnTypeWillChange;
 
 /**
- * Base database session handler
+ * Base database session handler.
  *
  * Do not use this class. Use database specific handler class.
  */
@@ -49,21 +49,21 @@ class DatabaseHandler extends BaseHandler
     protected $db;
 
     /**
-     * The database type
+     * The database type.
      *
      * @var string
      */
     protected $platform;
 
     /**
-     * Row exists flag
+     * Row exists flag.
      *
      * @var bool
      */
     protected $rowExists = false;
 
     /**
-     * ID prefix for multiple session cookies
+     * ID prefix for multiple session cookies.
      */
     protected string $idPrefix;
 
@@ -74,16 +74,16 @@ public function __construct(SessionConfig $config, string $ipAddress)
     {
         parent::__construct($config, $ipAddress);
 
-        // Store Session configurations
-        $this->DBGroup = $config->DBGroup ?? config(Database::class)->defaultGroup;
-        // Add sessionCookieName for multiple session cookies.
-        $this->idPrefix = $config->cookieName . ':';
-
         $this->table = $this->savePath;
-        if (empty($this->table)) {
+
+        if ($this->table === '') {
             throw SessionException::forMissingDatabaseTable();
         }
 
+        // Store Session configurations
+        $this->DBGroup = $config->DBGroup ?? config(Database::class)->defaultGroup;
+        // Add session cookie name for multiple session cookies.
+        $this->idPrefix = $config->cookieName . ':';
         $this->db       = Database::connect($this->DBGroup);
         $this->platform = $this->db->getPlatform();
     }
@@ -96,7 +96,7 @@ public function __construct(SessionConfig $config, string $ipAddress)
      */
     public function open($path, $name): bool
     {
-        if (empty($this->db->connID)) {
+        if ($this->db->connID === false) {
             $this->db->initialize();
         }
 
@@ -153,7 +153,7 @@ public function read($id)
     }
 
     /**
-     * Sets SELECT clause
+     * Sets SELECT clause.
      *
      * @return void
      */
@@ -163,7 +163,7 @@ protected function setSelect(BaseBuilder $builder)
     }
 
     /**
-     * Decodes column data
+     * Decodes column data.
      *
      * @param string $data
      *
@@ -177,8 +177,8 @@ protected function decodeData($data)
     /**
      * Writes the session data to the session storage.
      *
-     * @param string $id   The session ID
-     * @param string $data The encoded session data
+     * @param string $id   The session ID.
+     * @param string $data The encoded session data.
      */
     public function write($id, $data): bool
     {
@@ -230,7 +230,7 @@ public function write($id, $data): bool
     }
 
     /**
-     * Prepare data to insert/update
+     * Prepare data to insert/update.
      */
     protected function prepareData(string $data): string
     {
@@ -246,9 +246,9 @@ public function close(): bool
     }
 
     /**
-     * Destroys a session
+     * Destroys a session.
      *
-     * @param string $id The session ID being destroyed
+     * @param string $id The session ID being destroyed.
      */
     public function destroy($id): bool
     {

diff --git a/system/Session/Handlers/FileHandler.php b/system/Session/Handlers/FileHandler.php
@@ -19,7 +19,7 @@
 use ReturnTypeWillChange;
 
 /**
- * Session handler using file system for storage
+ * Session handler using file system for storage.
  */
 class FileHandler extends BaseHandler
 {
@@ -31,14 +31,14 @@ class FileHandler extends BaseHandler
     protected $savePath;
 
     /**
-     * The file handle
+     * The file handle.
      *
      * @var resource|null
      */
     protected $fileHandle;
 
     /**
-     * File Name
+     * File Name.
      *
      * @var string
      */
@@ -59,7 +59,7 @@ class FileHandler extends BaseHandler
     protected $matchIP = false;
 
     /**
-     * Regex of session ID
+     * Regex of session ID.
      *
      * @var string
      */
@@ -69,7 +69,7 @@ public function __construct(SessionConfig $config, string $ipAddress)
     {
         parent::__construct($config, $ipAddress);
 
-        if (! empty($this->savePath)) {
+        if ($this->savePath !== '') {
             $this->savePath = rtrim($this->savePath, '/\\');
             ini_set('session.save_path', $this->savePath);
         } else {
@@ -88,8 +88,8 @@ public function __construct(SessionConfig $config, string $ipAddress)
     /**
      * Re-initialize existing session, or creates a new one.
      *
-     * @param string $path The path where to store/retrieve the session
-     * @param string $name The session name
+     * @param string $path The path where to store/retrieve the session.
+     * @param string $name The session name.
      *
      * @throws SessionException
      */
@@ -114,7 +114,7 @@ public function open($path, $name): bool
     /**
      * Reads the session data from the session storage, and returns the results.
      *
-     * @param string $id The session ID
+     * @param string $id The session ID.
      *
      * @return false|string Returns an encoded string of the read data.
      *                      If nothing was read, it must return false.
@@ -175,8 +175,8 @@ public function read($id)
     /**
      * Writes the session data to the session storage.
      *
-     * @param string $id   The session ID
-     * @param string $data The encoded session data
+     * @param string $id   The session ID.
+     * @param string $data The encoded session data.
      */
     public function write($id, $data): bool
     {
@@ -239,9 +239,9 @@ public function close(): bool
     }
 
     /**
-     * Destroys a session
+     * Destroys a session.
      *
-     * @param string $id The session ID being destroyed
+     * @param string $id The session ID being destroyed.
      */
     public function destroy($id): bool
     {
@@ -310,7 +310,7 @@ public function gc($max_lifetime)
     }
 
     /**
-     * Configure Session ID regular expression
+     * Configure Session ID regular expression.
      *
      * To make life easier, we force the PHP defaults. Because PHP9 forces them.
      *