# Session It uses the `cherrycake_session` table in the [Cherrycake skeleton database](https://cherrycake.tin.cat/version-1.x-beta/guide/getting-started#setting-up-the-skeleton-database) to store sessions, and caches them on the provided `sessionCacheProviderName`. Session ids are generated by hashing 128 random bytes with a SHA512 algorithm, giving 128 hexits that constitute an effectively unpredictable session id to avoid session hijacking or collision. Session id collisions are not checked because the probability of getting a collision is so low (1 in 16^128, or 1 in 1.3x10^154, a number *way* bigger than the estimated number of atoms in the observable universe) that it's preferable to have that security bug instead of having to perform that additional check on each newly created session. A data storage mechanism is provided to store basic information within each session. The data is stored as a serialized array on the `data` field. When requesting an update of this data, the cache is flushed so it will generate an additional database hit on the next request. > The sessions table must be maintained often in order to remove old sessions. Otherwise, a point will be reached where all possible session ids are used and the module will remove the oldest session from the database in order to make room for the new one, effectively generating stress on the database. This will most probably happen a while after the maximum entropy point has been reached and all the stars in the universe have gone extinct. The `JanitorTaskSession` is required to be run in order to do this maintenance work, so be sure to [add it](https://cherrycake.tin.cat/version-1.x-beta/guide/janitor-guide) to your `Janitor.config.php`. > See the [Session guide](https://cherrycake.tin.cat/version-1.x-beta/guide/session-guide) to learn how to work with the Session module. ## Configuration * **`sessionDatabaseProviderName`** The name of the database provider to use for storing sessions. Default: `main` * **`sessionTableName`** The name of the table used to store sessions. Default: `cherrycake_session` * **`sessionCacheProviderName`** The name of the cache provider to use to store sessions and the counter of created sessions. Default: `engine` * **`sessionCacheTtl`** The TTL of cached sessions, one of the available [`CACHE_TTL_?`](https://cherrycake.tin.cat/version-1.x-beta/reference/cache#constants). Default: `CACHE_TTL_SHORT`. * **`cachePrefix`** The cache prefix to use when storing sessions into cache. Default: `Session` * **`cookieName`** The name of the cookie. Recommended to be changed. Defaut: `cherrycake` * **`cookiePath`** The path of the cookie. If set to "/", it will be available within the entire domain. Default: `/` * **`cookieSecure`** If set to true, the cookie will only be sent when the current request is secure (SSL). Default: `false` * **`cookieHttpOnly`** If set to true, the cookie only will be sent when an HTTP request is made. Default: `false` * **`sessionDuration`** The duration of the session in seconds. If set to zero, the session will last until the browser is closed. Default: `2592000` (one month) * **`isSessionRenew`** When set to true, the duration of the session will be renewed to a new `sessionDuration` every time a request is made. If set to false, the cookie will expire after `sessionDuration`, no matter how many times the session is requested. Default: `true`