The security of session handling in PHP can easily be enhanced through the use of a few configuration settings and the addition of an SSL certificate. Whilst this topic has been covered numerous times before it still bears mentioning with a large number of PHP sites and servers having not implemented these features.

He talks about the httponly flag when setting the cookie/in the configuration, the "use only cookies" for sessions and forcing them to be "secure only".

I just released the initial version of PuPHPet, my GUI-based gnerator for Vagrant/Puppet environments! [...] Enter PuPHPet, my GUI configurator. I have created a simple, easy to use web app that targets PHP developers and the classic LAMP stack. You will not need to learn the ins and outs of Vagrant or Puppet to build your own working VM to your specific needs. As of now you can define things like custom virtual hosts, what version of PHP to install, set up some MySQL databases, etc, all without having to touch a manifest file.

His tool (hosted version is here) lets you define things like machine name, IP address, memory and target folder. You can pick from various server, PHP, MySQL and Apache packages you want installed as well. A custom archive (zip) file will be created that can be dropped into your system ready for use.

One thing you may find yourself needing to do is access configuration information in a controller or service class. The easiest way to do this is to use the ServiceManger's initialiser feature. This allows you to write one piece of injection code that can be applied to multiple objects. It's easier to show this in action!

He includes a sample configuration file (with a setting for "setting_1") and the interface you implement to structure the load request. He then shows how to hook this into the controller and the code needed for the module "getControllerConfig" (or "getServiceConfig" for use with services) to load in the file and set it to the correct object.

Composer is something special in the world of PHP. It has changed the way we handle application dependencies, and quelled the tears of many PHP developers. You see, in the olden days, when you wanted to build an application that relied on third party dependencies you would have to install them with PEAR or PECL. These two dependency managers both have a very limited set of outdated dependencies and have been a thorn in the side of PHP developers for a long time. [...] Enter composer, king of the package managers.

He jumps right in and gets into the configuration (the composer.json file) and using it to describe the package. He shows how to set up "required" resources complete with version number information. There's a bit about setting up autoloading and classmaps too. He then moves on to getting the tool installed and using the composer.json definition to load in needed packages (and development ones if needed).

I'm a huge fan of Phing and use it regularly for build and deployment tasks. Often, I'll ask about a plugin that I wish existed, and get a very courteous "patches welcome" from the nice people in the #phing channel on freenode. This has happened a few times, so I thought I should probably look at how to make a new phing plugin, this article shows you how to make the simplest thing I could think of: a simple "hello world" plugin.

She points you to the location to grab the latest version of the tool (the github repository) and how to define a configuration file for your test runs. Then she includes the sample code showing how to create the "HelloTask" plugin. It takes an input value of "name" and displays a greeting when executed. She shows the syntax for defining this in the XML build file and the sample result when executed.

I will be continuing the topic on Continuous Delivery which began in my previous post: Notes on Continuous Integration; this time we will start looking at the first and most important step, Configuration Management. In the words of the authors (resource below): Configuration Management refers to the process by which all artifacts ... and the relationships between them, are stored, retrieved, uniquely identified, and modified.

He sets out four principles that can be used to set this process up in your workflow:

• Keep everything in version control
• Manage dependencies
• Manage software configuration
• Manage environments

Each point has an explanation and advice on what he's found the best way to implement the functionality. He finishes with a few other pieces of advice including avoiding branching in config repositories and having good communication practices with your ops team.

I have been using a Linux install for a couple years now and it has development checkouts (and matching databases + live data) for dozens of sites. Since I create a new virtual host for each site there hasn't been any problems piling more and more projects into this system. However, this computer won't last forever. [...] Should I setup a new VM + debian install for each project (seems like a lot of work). Should I just move everything to an external drive and point the MySQL data, MongoDB data, Nginx web folders to the attached drive? How do others handle this?

There's several suggestions made in the comments including things like:

• Using Ansible for configuration management
• Bundling the current linux install into one portable VM
• Using Vagrant for VM management
• Using source control that can be accessed from any device/VM

Have a VM management method you've found useful in your development? Share some about it here.

My idea is to store this information within a Service Container (we will use Symfony's DIC). For example here we can [define] our routes.yml. [...] We need to implement one Extension for the alias "routes". We only will implement the needed functions for YAML files in this example.

He includes the code for the extension ("SilexRouteExtension") that can be used to parse the "routes.yml" file to inject the custom routing into your application. This includes the pattern to match, the controller to route it to and the target method. You can also set some requirements like the request method (in this case "GET").

The need to diagnose and troubleshoot application's failures often comes up during deployment to a hosting environment. Some configuration settings in hosting server may differ from what application expects. Often it is not as easy to figure out the cause of the problem in a hosting environment as it is on a development machine. I found the following techniques useful when troubleshooting errors in PHP applications hosted in Windows Azure Web Sites.

He shares seven different tips, some pretty simple, others a bit more difficult requiring other software to be up and working:

• Using phpinfo()
• Checking the wincache settings
• Looking at your error logs
• Turning on the display_errors setting
• Turning on HTTP logging, detailed errors and failed request tracking in the control panel
• Using XDebug
• Getting the statistics for your ClearDB instance

It happens more and more: large projects where your symfony2 site is just a small part in the big picture. Lots of additional components might even play a bigger part, especially when you are dealing with asynchronous components which are connected through message queues for instance. [...] Our first idea is obvious: symfony2 uses by default a parameters.yml file, which gets imported by your configuration (config.yml) [...] So nothing new here and this setup works perfectly, provided that your symfony2 project is the ONLY thing that needs to be configured. As soon as you add multiple other components (like gearman or activemq workers that need to connect to solr too), they need to share this configuration.

His solution involves falling back to the INI-file format that's known as useful for several different languages and tools. Because of how Symfony2 reads these files though (only looking for "parameters") he's had to create a "ConfFileLoader" instance of the "FileLoader" that uses the parse_ini_file method to parse the data and return it back to the main container as parameters. He also includes the code/config you'll need to implement this custom loader into your application.