phpsecSession


Implements a session handler that stores session data in encrypted form.

Hierarchy

Properties

Name | Description
phpsecSession::$_currID
phpsecSession::$_keyCookie
phpsecSession::$_name
phpsecSession::$_newID
phpsecSession::$_savePath
phpsecSession::$_secret

Functions & methods

Name | Description
phpsecSession::close — Close a session.
phpsecSession::destroy — Destroy/remove a session.
phpsecSession::gc — Do garbage collection.
phpsecSession::open — Open a session.
phpsecSession::read — Read and decrypt a session.
phpsecSession::setSecret — Set the cookie with the secret.
phpsecSession::write — Encrypt and save a session.

phpsec/phpsec.session.php, line 15

<?php
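class phpsecSession {
  /** Number of random bytes used as the per-client encryption secret. */
  const SECRET_BYTES = 32;

  private static $_savePath;
  private static $_name;
  private static $_keyCookie;
  /* Raw (binary) encryption secret. It only ever lives in the client's
   * cookie and in this process; the store sees ciphertext only. */
  private static $_secret;
  /* Session ID the client sent with this request (null when none). It is
   * untrusted input and is used solely as a key into phpsec::$store. */
  private static $_currID;
  /* Session ID issued for this request; the data is re-stored under it. */
  private static $_newID;

  /**
   * Open a session.
   *
   * Records the save path and session name, remembers the session ID the
   * client sent (if any), issues a fresh session ID cookie and makes sure a
   * valid encryption secret is available for read()/write().
   *
   * @param string $path
   * @param string $name
   * @return bool
   */
  public static function open($path, $name) {
    /* Set some variables we need later. */
    self::$_savePath  = $path;
    self::$_name      = $name;
    self::$_keyCookie = $name . '_secret';

    /* Set current and new ID. */
    self::$_currID = isset($_COOKIE[$name]) ? $_COOKIE[$name] : null;
    self::$_newID  = phpsecRand::str(128);

    /* Set cookie with new session ID. */
    self::setCookie($name, self::$_newID);

    /* If we don't have a usable encryption key, create one. Strict base64
     * decoding plus a length check rejects a tampered, truncated or empty
     * cookie instead of silently encrypting with a bad key; strlen() is
     * correct here because the secret is binary, not text. */
    $secret = isset($_COOKIE[self::$_keyCookie])
      ? base64_decode($_COOKIE[self::$_keyCookie], true)
      : false;
    if ($secret === false || strlen($secret) !== self::SECRET_BYTES) {
      /* Create a secret used for encryption of session. */
      self::setSecret();
    }
    else {
      self::$_secret = $secret;
    }
    return true;
  }

  /**
   * Close a session.
   *
   * Nothing is held open between calls, so there is nothing to release.
   *
   * @return bool
   */
  public static function close() {
    return true;
  }

  /**
   * Read and decrypt a session.
   *
   * The record is looked up under the ID the client sent (recorded in
   * open()), which is also what PHP passes as $id; the argument is kept for
   * the handler interface.
   *
   * @param string $id
   * @return mixed Decrypted session data, or false when there is no session
   *               cookie or no record for it.
   */
  public static function read($id) {
    /* If no cookie is set, there is nothing to read. */
    if (self::$_currID === null) {
      return false;
    }

    /* Read from store and decrypt. */
    $sessData = phpsec::$store->read('session', self::$_currID);
    if ($sessData === false) {
      return false;
    }
    return phpsecCrypt::decrypt($sessData, self::$_secret);
  }

  /**
   * Encrypt and save a session.
   *
   * The session is re-keyed on every request: the record stored under the ID
   * the client sent is removed and the data is stored under the ID issued in
   * open().
   *
   * @param string $id
   * @param string $data
   * @return bool
   */
  public static function write($id, $data) {
    /* Encrypt session. */
    $encrypted = phpsecCrypt::encrypt($data, self::$_secret);

    /* Destroy old session, if the client had one. */
    if (self::$_currID !== null) {
      self::destroy(self::$_currID);
    }

    /* Write new session, with new ID. */
    return phpsec::$store->write('session', self::$_newID, $encrypted);
  }

  /**
   * Destroy/remove a session.
   *
   * @param string $id  Session ID; when called by PHP this is the
   *                    client-supplied cookie value, so the store is relied
   *                    on to treat it as an opaque key only.
   * @return bool
   */
  public static function destroy($id) {
    return phpsec::$store->delete('session', $id);
  }

  /**
   * Do garbage collection.
   *
   * Removes every stored session whose last-modified time is older than
   * $ttl seconds.
   *
   * @param integer $ttl  Maximum age in seconds.
   * @return bool
   */
  public static function gc($ttl) {
    /* One timestamp for the whole sweep, so every record is judged alike. */
    $now = time();
    foreach (phpsec::$store->listIds('session') as $storedId) {
      $meta = phpsec::$store->meta('session', $storedId);
      if ($meta->time + $ttl < $now) {
        phpsec::$store->delete('session', $storedId);
      }
    }
    return true;
  }

  /**
   * Generate a new secret and send it to the client in a cookie.
   *
   * @return true
   */
  private static function setSecret() {
    self::$_secret = phpsecRand::bytes(self::SECRET_BYTES);
    self::setCookie(self::$_keyCookie, base64_encode(self::$_secret));
    return true;
  }

  /**
   * Set a cookie using the parameters PHP has configured for the session
   * cookie (path, domain, secure and httponly flags).
   *
   * session_get_cookie_params() reports 'lifetime' as a number of seconds,
   * whereas setcookie() expects an absolute expiry timestamp, so a non-zero
   * lifetime is added to the current time. Passing the raw lifetime through
   * would yield an expiry in 1970, i.e. a cookie the browser discards at
   * once. A lifetime of 0 means "until the browser is closed" in both APIs
   * and is passed unchanged.
   *
   * @param string $name
   * @param string $value
   * @return bool  Result of setcookie().
   */
  private static function setCookie($name, $value) {
    $cookieParam = session_get_cookie_params();
    $expire = $cookieParam['lifetime'] > 0
      ? time() + $cookieParam['lifetime']
      : 0;
    return setcookie(
      $name,
      $value,
      $expire,
      $cookieParam['path'],
      $cookieParam['domain'],
      $cookieParam['secure'],
      $cookieParam['httponly']
    );
  }
}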
?>

Copyright (c) 2011, 2012 Audun Larsen.
