Middlware for encrypting & decrypting cookies.
This middleware layer will encrypt/decrypt the named cookies with the given key and cipher type. To support multiple keys/cipher types use this middleware multiple times.
Cookies in request data will be decrypted, while cookies in response headers will be encrypted automatically. If the response is a Cake\Http\Response, the cookie data set with withCookie()
and `cookie()`` will also be encrypted.
The encryption types and padding are compatible with those used by CookieComponent for backwards compatibility.
string[]
Valid cipher names for encrypted cookies.
string
Encryption type.
string[]
The list of cookies to encrypt/decrypt
string
Encryption key to use.
Explode method to return array from string set in CookieComponent::_implode() Maintains reading backwards compatibility with 1.x CookieComponent::_implode().
__construct(array $cookieNames, string $key, string $cipherType)
Constructor
string[]
$cookieNames The list of cookie names that should have their values encrypted.
string
$key The encryption key to use.
string
$cipherType optional The cipher type to use. Defaults to 'aes'.
_checkCipher(string $encrypt)
Helper method for validating encryption cipher names.
string
$encrypt The cipher name.
RuntimeException
_decode(string $value, mixed $encrypt, ?string $key)
Decodes and decrypts a single value.
string
$value The value to decode & decrypt.
string|false
$encrypt The encryption cipher to use.
string|null
$key Used as the security salt if specified.
string|array
Decoded values.
_decrypt(mixed $values, mixed $mode, ?string $key)
Decrypts $value using public $type method in Security class
string[]|string
$values Values to decrypt
string|false
$mode Encryption mode
string|null
$key optional Used as the security salt if specified.
string|array
Decrypted values
_encrypt(mixed $value, mixed $encrypt, ?string $key)
Encrypts $value using public $type method in Security class
string|array
$value Value to encrypt
string|false
$encrypt Encryption mode to use. False disabled encryption.
string|null
$key optional Used as the security salt if specified.
string
Encoded values
_explode(string $string)
Explode method to return array from string set in CookieComponent::_implode() Maintains reading backwards compatibility with 1.x CookieComponent::_implode().
string
$string A string containing JSON encoded data, or a bare string.
string|array
Map of key and values
_getCookieEncryptionKey()
Fetch the cookie encryption key.
Part of the CookieCryptTrait implementation.
string
_implode(array $array)
Implode method to keep keys are multidimensional arrays
array
$array Map of key and values
string
A JSON encoded string.
decodeCookies(\Psr\Http\Message\ServerRequestInterface $request)
Decode cookies from the request.
\Psr\Http\Message\ServerRequestInterface
$request The request to decode cookies from.
\Psr\Http\Message\ServerRequestInterface
Updated request with decoded cookies.
encodeCookies(\Cake\Http\Response $response)
Encode cookies from a response's CookieCollection.
\Cake\Http\Response
$response The response to encode cookies in.
\Cake\Http\Response
Updated response with encoded cookies.
encodeSetCookieHeader(\Psr\Http\Message\ResponseInterface $response)
Encode cookies from a response's Set-Cookie header
\Psr\Http\Message\ResponseInterface
$response The response to encode cookies in.
\Psr\Http\Message\ResponseInterface
Updated response with encoded cookies.
process(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Server\RequestHandlerInterface $handler)
Apply cookie encryption/decryption.
\Psr\Http\Message\ServerRequestInterface
$request The request.
\Psr\Http\Server\RequestHandlerInterface
$handler The request handler.
\Psr\Http\Message\ResponseInterface
A response.
Valid cipher names for encrypted cookies.
string[]
Encryption type.
string
The list of cookies to encrypt/decrypt
string[]
Encryption key to use.
string
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.1/class-Cake.Http.Middleware.EncryptedCookieMiddleware.html