Class EncryptedCookieMiddleware

Middlware for encrypting & decrypting cookies.

This middleware layer will encrypt/decrypt the named cookies with the given key and cipher type. To support multiple keys/cipher types use this middleware multiple times.

Cookies in request data will be decrypted, while cookies in response headers will be encrypted automatically. If the response is a Cake\Http\Response, the cookie data set with withCookie() and `cookie()`` will also be encrypted.

The encryption types and padding are compatible with those used by CookieComponent for backwards compatibility.

Cake\Http\Middleware\EncryptedCookieMiddleware uses Cake\Utility\CookieCryptTrait

Properties summary

  • $cipherType protected
    string
    Encryption type.
  • $cookieNames protected
    array
    The list of cookies to encrypt/decrypt
  • $key protected
    string
    Encrpytion key to use.

Inherited Properties

Method Summary

Method Detail

__construct()source public

__construct( array $cookieNames , string $key , string $cipherType 'aes' )

Constructor

Parameters

array $cookieNames
The list of cookie names that should have their values encrypted.
string $key
The encryption key to use.
string $cipherType optional 'aes'

The cipher type to use. Defaults to 'aes', but can also be 'rijndael' for backwards compatibility.

__invoke()source public

__invoke( Psr\Http\Message\ServerRequestInterface $request , Psr\Http\Message\ResponseInterface $response , callable $next )

Apply cookie encryption/decryption.

Parameters

Psr\Http\Message\ServerRequestInterface $request
The request.
Psr\Http\Message\ResponseInterface $response
The response.
callable $next
The next middleware to call.

Returns

Psr\Http\Message\ResponseInterface
A response.

_getCookieEncryptionKey()source protected

_getCookieEncryptionKey( )

Fetch the cookie encryption key.

Part of the CookieCryptTrait implementation.

Returns

string

decodeCookies()source protected

decodeCookies( Psr\Http\Message\ServerRequestInterface $request )

Decode cookies from the request.

Parameters

Psr\Http\Message\ServerRequestInterface $request
The request to decode cookies from.

Returns

Psr\Http\Message\ServerRequestInterface
Updated request with decoded cookies.

encodeCookies()source protected

encodeCookies( Cake\Http\Response $response )

Encode cookies from a response's CookieCollection.

Parameters

Cake\Http\Response $response
The response to encode cookies in.

Returns

Cake\Http\Response
Updated response with encoded cookies.

encodeSetCookieHeader()source protected

encodeSetCookieHeader( Psr\Http\Message\ResponseInterface $response )

Encode cookies from a response's Set-Cookie header

Parameters

Psr\Http\Message\ResponseInterface $response
The response to encode cookies in.

Returns

Psr\Http\Message\ResponseInterface
Updated response with encoded cookies.

Methods used from Cake\Utility\CookieCryptTrait

_checkCipher()source protected

_checkCipher( string $encrypt )

Helper method for validating encryption cipher names.

Parameters

string $encrypt
The cipher name.

Throws

RuntimeException
When an invalid cipher is provided.

_decode()source protected

_decode( string $value , string|false $encrypt , string|null $key )

Decodes and decrypts a single value.

Parameters

string $value
The value to decode & decrypt.
string|false $encrypt
The encryption cipher to use.
string|null $key
Used as the security salt if specified.

Returns

string|array
Decoded values.

_decrypt()source protected

_decrypt( array $values , string|boolean $mode , string|null $key null )

Decrypts $value using public $type method in Security class

Parameters

array $values
Values to decrypt
string|boolean $mode
Encryption mode
string|null $key optional null
Used as the security salt if specified.

Returns

string|array
Decrypted values

_encrypt()source protected

_encrypt( string $value , string|boolean $encrypt , string|null $key null )

Encrypts $value using public $type method in Security class

Parameters

string $value
Value to encrypt
string|boolean $encrypt

Encryption mode to use. False disabled encryption.

string|null $key optional null
Used as the security salt if specified.

Returns

string
Encoded values

_explode()source protected

_explode( string $string )

Explode method to return array from string set in CookieComponent::_implode() Maintains reading backwards compatibility with 1.x CookieComponent::_implode().

Parameters

string $string
A string containing JSON encoded data, or a bare string.

Returns

string|array
Map of key and values

_implode()source protected

_implode( array $array )

Implode method to keep keys are multidimensional arrays

Parameters

array $array
Map of key and values

Returns

string
A json encoded string.

Properties detail

$cipherTypesource

protected string

Encryption type.

$cookieNamessource

protected array

The list of cookies to encrypt/decrypt

$keysource

protected string

Encrpytion key to use.

© 2005–2017 The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/3.4/class-Cake.Http.Middleware.EncryptedCookieMiddleware.html