Class EncryptedCookieMiddleware
Middleware for encrypting & decrypting cookies.
This middleware layer will encrypt/decrypt the named cookies with the given key and cipher type. To support multiple keys/cipher types use this middleware multiple times.
Cookies in request data will be decrypted, while cookies in response headers will be encrypted automatically. If the response is a Cake\Http\Response, the cookie data set with withCookie() and cookie() will also be encrypted.
The encryption types and padding are compatible with those used by CookieComponent for backwards compatibility.
- Cake\Http\Middleware\EncryptedCookieMiddleware uses Cake\Utility\CookieCryptTrait
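As an added example (not from this API page or the CakePHP project), one way to register the middleware in a 3.6 application's src/Application.php, using two instances for two keys as described above. The cookie names, environment variable names and the cookieKey() helper are assumptions; the 32-byte minimum mirrors the key-length check in Cake\Utility\Security::encrypt().

```php
<?php
// Added example. Cookie names, environment variable names and the
// cookieKey() helper are assumptions, not part of CakePHP.
namespace App;

use Cake\Http\BaseApplication;
use Cake\Http\Middleware\EncryptedCookieMiddleware;
use RuntimeException;

class Application extends BaseApplication
{
    /**
     * Read a cookie key from the environment and fail at boot if it is
     * missing or shorter than the 32 bytes Security::encrypt() requires.
     */
    protected function cookieKey($envName)
    {
        $key = getenv($envName);
        if ($key === false || mb_strlen($key, '8bit') < 32) {
            throw new RuntimeException("$envName must be set to at least 32 bytes");
        }

        return $key;
    }

    public function middleware($middlewareQueue)
    {
        // Cookies written by current code, protected with the current key.
        $middlewareQueue->add(new EncryptedCookieMiddleware(
            ['remember_me', 'cart'],
            $this->cookieKey('COOKIE_KEY_CURRENT')
        ));

        // Second instance: a different cookie under a different key.
        // Each instance only handles the cookie names it was given.
        $middlewareQueue->add(new EncryptedCookieMiddleware(
            ['legacy_prefs'],
            $this->cookieKey('COOKIE_KEY_LEGACY'),
            'aes'
        ));

        return $middlewareQueue;
    }
}
```

Cookies whose names are not listed in any instance pass through without encryption, so the name lists need to cover every cookie that carries sensitive data.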
Properties summary
- $cipherType protected string: Encryption type.
- $cookieNames protected array: The list of cookies to encrypt/decrypt.
- $key protected string: Encryption key to use.
Method Summary
- __construct() public: Constructor
- __invoke() public: Apply cookie encryption/decryption.
- _getCookieEncryptionKey() protected: Fetch the cookie encryption key.
- decodeCookies() protected: Decode cookies from the request.
- encodeCookies() protected: Encode cookies from a response's CookieCollection.
- encodeSetCookieHeader() protected: Encode cookies from a response's Set-Cookie header
Method Detail
__construct() public
__construct( array $cookieNames , string $key , string $cipherType = 'aes' )
Constructor
Parameters
- array
$cookieNames
- The list of cookie names that should have their values encrypted.
- string
$key
- The encryption key to use.
- string
$cipherType
- Optional. The cipher type to use. Defaults to 'aes', but can also be 'rijndael' for backwards compatibility.
__invoke() public
__invoke( Psr\Http\Message\ServerRequestInterface $request , Psr\Http\Message\ResponseInterface $response , callable $next )
Apply cookie encryption/decryption.
Parameters
- Psr\Http\Message\ServerRequestInterface
$request
- The request.
- Psr\Http\Message\ResponseInterface
$response
- The response.
- callable
$next
- The next middleware to call.
Returns
Psr\Http\Message\ResponseInterface
A response.
_getCookieEncryptionKey() protected
_getCookieEncryptionKey( )
Fetch the cookie encryption key.
Part of the CookieCryptTrait implementation.
Returns
string
decodeCookies() protected
decodeCookies( Psr\Http\Message\ServerRequestInterface $request )
Decode cookies from the request.
Parameters
- Psr\Http\Message\ServerRequestInterface
$request
- The request to decode cookies from.
Returns
Psr\Http\Message\ServerRequestInterface
Updated request with decoded cookies.
encodeCookies() protected
encodeCookies( Cake\Http\Response $response )
Encode cookies from a response's CookieCollection.
Parameters
- Cake\Http\Response
$response
- The response to encode cookies in.
Returns
Cake\Http\Response
Updated response with encoded cookies.
encodeSetCookieHeader() protected
encodeSetCookieHeader( Psr\Http\Message\ResponseInterface $response )
Encode cookies from a response's Set-Cookie header
Parameters
- Psr\Http\Message\ResponseInterface
$response
- The response to encode cookies in.
Returns
Psr\Http\Message\ResponseInterface
Updated response with encoded cookies.
Methods used from Cake\Utility\CookieCryptTrait
_checkCipher() protected
_checkCipher( string $encrypt )
Helper method for validating encryption cipher names.
Parameters
- string
$encrypt
- The cipher name.
Throws
RuntimeException
When an invalid cipher is provided.
_decode() protected
_decode( string $value , string|false $encrypt , string|null $key )
Decodes and decrypts a single value.
Parameters
- string
$value
- The value to decode & decrypt.
- string|false
$encrypt
- The encryption cipher to use.
- string|null
$key
- Used as the security salt if specified.
Returns
string|array
Decoded values.
_decrypt() protected
_decrypt( array $values , string|boolean $mode , string|null $key = null )
Decrypts $value using public $type method in Security class
Parameters
- array
$values
- Values to decrypt
- string|boolean
$mode
- Encryption mode
- string|null
$key
- Optional, defaults to null. Used as the security salt if specified.
Returns
string|array
Decrypted values
_encrypt() protected
_encrypt( string $value , string|boolean $encrypt , string|null $key = null )
Encrypts $value using public $type method in Security class
Parameters
- string
$value
- Value to encrypt
- string|boolean
$encrypt
- Encryption mode to use. False disables encryption.
- string|null
$key
- Optional, defaults to null. Used as the security salt if specified.
Returns
string
Encoded values
_explode() protected
_explode( string $string )
Explode method to return array from string set in CookieComponent::_implode(). Maintains reading backwards compatibility with 1.x CookieComponent::_implode().
Parameters
- string
$string
- A string containing JSON encoded data, or a bare string.
Returns
string|array
Map of key and values
_implode() protected
_implode( array $array )
Implode method that preserves the keys of multidimensional arrays
Parameters
- array
$array
- Map of key and values
Returns
string
A JSON encoded string.
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/3.6/class-Cake.Http.Middleware.EncryptedCookieMiddleware.html