Middleware for encrypting & decrypting cookies.
This middleware layer will encrypt/decrypt the named cookies with the given key and cipher type. To support multiple keys/cipher types use this middleware multiple times.
Cookies in request data will be decrypted, while cookies in response headers will be encrypted automatically. If the response is a {@link \Cake\Http\Response}, the cookie data set with withCookie() and `cookie()`` will also be encrypted.
The encryption types and padding are compatible with those used by CookieComponent for backwards compatibility.
array<string>Valid cipher names for encrypted cookies.
stringEncryption type.
array<string>The list of cookies to encrypt/decrypt
stringEncryption key to use.
Constructor
Helper method for validating encryption cipher names.
Decodes and decrypts a single value.
Decrypts $value using public $type method in Security class
Encrypts $value using public $type method in Security class
Explode method to return array from string set in CookieComponent::_implode() Maintains reading backwards compatibility with 1.x CookieComponent::_implode().
Fetch the cookie encryption key.
Implode method to keep keys are multidimensional arrays
Decode cookies from the request.
Encode cookies from a response's CookieCollection.
Encode cookies from a response's Set-Cookie header
Apply cookie encryption/decryption.
__construct(array<string> $cookieNames, string $key, string $cipherType = 'aes')
Constructor
array<string> $cookieNames The list of cookie names that should have their values encrypted.
string $key The encryption key to use.
string $cipherType optional The cipher type to use. Defaults to 'aes'.
_checkCipher(string $encrypt): void
Helper method for validating encryption cipher names.
string $encrypt The cipher name.
voidRuntimeException_decode(string $value, string|false $encrypt, string|null $key): array|string
Decodes and decrypts a single value.
string $value The value to decode & decrypt.
string|false $encrypt The encryption cipher to use.
string|null $key Used as the security salt if specified.
array|string_decrypt(array<string>|string $values, string|false $mode, string|null $key = null): array|string
Decrypts $value using public $type method in Security class
array<string>|string $values Values to decrypt
string|false $mode Encryption mode
string|null $key optional Used as the security salt if specified.
array|string_encrypt(array|string $value, string|false $encrypt, string|null $key = null): string
Encrypts $value using public $type method in Security class
array|string $value Value to encrypt
string|false $encrypt Encryption mode to use. False disabled encryption.
string|null $key optional Used as the security salt if specified.
string_explode(string $string): array|string
Explode method to return array from string set in CookieComponent::_implode() Maintains reading backwards compatibility with 1.x CookieComponent::_implode().
string $string A string containing JSON encoded data, or a bare string.
array|string_getCookieEncryptionKey(): string
Fetch the cookie encryption key.
Part of the CookieCryptTrait implementation.
string_implode(array $array): string
Implode method to keep keys are multidimensional arrays
array $array Map of key and values
stringdecodeCookies(Psr\Http\Message\ServerRequestInterface $request): Psr\Http\Message\ServerRequestInterface
Decode cookies from the request.
Psr\Http\Message\ServerRequestInterface $request The request to decode cookies from.
Psr\Http\Message\ServerRequestInterfaceencodeCookies(Cake\Http\Response $response): Cake\Http\Response
Encode cookies from a response's CookieCollection.
Cake\Http\Response $response The response to encode cookies in.
Cake\Http\ResponseencodeSetCookieHeader(Psr\Http\Message\ResponseInterface $response): Psr\Http\Message\ResponseInterface
Encode cookies from a response's Set-Cookie header
Psr\Http\Message\ResponseInterface $response The response to encode cookies in.
Psr\Http\Message\ResponseInterfaceprocess(ServerRequestInterface $request, RequestHandlerInterface $handler): Psr\Http\Message\ResponseInterface
Apply cookie encryption/decryption.
Processes an incoming server request in order to produce a response. If unable to produce the response itself, it may delegate to the provided request handler to do so.
ServerRequestInterface $request The request.
RequestHandlerInterface $handler The request handler.
Psr\Http\Message\ResponseInterfaceValid cipher names for encrypted cookies.
array<string>Encryption type.
stringThe list of cookies to encrypt/decrypt
array<string>Encryption key to use.
string
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.4/class-Cake.Http.Middleware.EncryptedCookieMiddleware.html