Class EncryptedCookieMiddleware

Middleware for encrypting & decrypting cookies.

This middleware layer will encrypt/decrypt the named cookies with the given key and cipher type. To support multiple keys/cipher types use this middleware multiple times.

Cookies in request data will be decrypted, while cookies in response headers will be encrypted automatically. If the response is a Cake\Http\Response, the cookie data set with `withCookie()` and `cookie()` will also be encrypted.

The encryption types and padding are compatible with those used by CookieComponent for backwards compatibility.

Cake\Http\Middleware\EncryptedCookieMiddleware uses Cake\Utility\CookieCryptTrait

Properties summary

  • $cipherType protected
    string
    Encryption type.
  • $cookieNames protected
    array
    The list of cookies to encrypt/decrypt
  • $key protected
    string
    Encryption key to use.

Method Detail

__construct() public

__construct( array $cookieNames , string $key , string $cipherType = 'aes' )

Constructor

Parameters

array $cookieNames
The list of cookie names that should have their values encrypted.
string $key
The encryption key to use.
string $cipherType optional 'aes'
The cipher type to use. Defaults to 'aes', but can also be 'rijndael' for backwards compatibility.
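
The constructor arguments above, and the note that multiple keys require adding the middleware more than once, shown as an added example (not code from the CakePHP documentation). The cookie names, the environment variable names and the `cookieKey()` helper are assumptions made for illustration.

```php
<?php
// Added example, not from the CakePHP docs. Cookie names, environment
// variable names and cookieKey() are hypothetical.
namespace App;

use Cake\Http\BaseApplication;
use Cake\Http\Middleware\EncryptedCookieMiddleware;
use RuntimeException;

class Application extends BaseApplication
{
    /**
     * Load a cookie key from the environment and refuse to boot with a weak one.
     */
    protected function cookieKey($envName)
    {
        $key = (string)getenv($envName);
        // Cake\Utility\Security::encrypt() rejects keys shorter than 32 bytes,
        // so fail at startup instead of on the first encrypted cookie.
        if (strlen($key) < 32) {
            throw new RuntimeException("$envName must be set to at least 32 bytes");
        }

        return $key;
    }

    public function middleware($middlewareQueue)
    {
        // (Other application middleware omitted.)
        // Only the named cookies are encrypted/decrypted; all others pass through.
        $middlewareQueue->add(new EncryptedCookieMiddleware(
            ['remember_me', 'cart'],
            $this->cookieKey('COOKIE_KEY_PRIMARY')
        ));

        // A second instance covers a different set of cookies with its own key.
        // 'aes' is the default; 'rijndael' exists only for backwards compatibility.
        $middlewareQueue->add(new EncryptedCookieMiddleware(
            ['prefs'],
            $this->cookieKey('COOKIE_KEY_PREFS'),
            'aes'
        ));

        return $middlewareQueue;
    }
}
```

With this in place, application code sets the named cookies as plain values via `withCookie()` and reads them from the request already decrypted.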

__invoke() public

__invoke( Psr\Http\Message\ServerRequestInterface $request , Psr\Http\Message\ResponseInterface $response , callable $next )

Apply cookie encryption/decryption.

Parameters

Psr\Http\Message\ServerRequestInterface $request
The request.
Psr\Http\Message\ResponseInterface $response
The response.
callable $next
The next middleware to call.

Returns

Psr\Http\Message\ResponseInterface
A response.

_getCookieEncryptionKey() protected

_getCookieEncryptionKey( )

Fetch the cookie encryption key.

Part of the CookieCryptTrait implementation.

Returns

string

decodeCookies() protected

decodeCookies( Psr\Http\Message\ServerRequestInterface $request )

Decode cookies from the request.

Parameters

Psr\Http\Message\ServerRequestInterface $request
The request to decode cookies from.

Returns

Psr\Http\Message\ServerRequestInterface
Updated request with decoded cookies.

encodeCookies() protected

encodeCookies( Cake\Http\Response $response )

Encode cookies from a response's CookieCollection.

Parameters

Cake\Http\Response $response
The response to encode cookies in.

Returns

Cake\Http\Response
Updated response with encoded cookies.

encodeSetCookieHeader() protected

encodeSetCookieHeader( Psr\Http\Message\ResponseInterface $response )

Encode cookies from a response's Set-Cookie header

Parameters

Psr\Http\Message\ResponseInterface $response
The response to encode cookies in.

Returns

Psr\Http\Message\ResponseInterface
Updated response with encoded cookies.

Methods used from Cake\Utility\CookieCryptTrait

_checkCipher() protected

_checkCipher( string $encrypt )

Helper method for validating encryption cipher names.

Parameters

string $encrypt
The cipher name.

Throws

RuntimeException
When an invalid cipher is provided.

_decode() protected

_decode( string $value , string|false $encrypt , string|null $key )

Decodes and decrypts a single value.

Parameters

string $value
The value to decode & decrypt.
string|false $encrypt
The encryption cipher to use.
string|null $key
Used as the security salt if specified.

Returns

string|array
Decoded values.

_decrypt() protected

_decrypt( array $values , string|boolean $mode , string|null $key = null )

Decrypts $value using public $type method in Security class

Parameters

array $values
Values to decrypt
string|boolean $mode
Encryption mode
string|null $key optional null
Used as the security salt if specified.

Returns

string|array
Decrypted values

_encrypt() protected

_encrypt( string $value , string|boolean $encrypt , string|null $key = null )

Encrypts $value using public $type method in Security class

Parameters

string $value
Value to encrypt
string|boolean $encrypt
Encryption mode to use. False disables encryption.

string|null $key optional null
Used as the security salt if specified.

Returns

string
Encoded values

_explode() protected

_explode( string $string )

Explode method to return an array from a string set in CookieComponent::_implode(). Maintains reading backwards compatibility with 1.x CookieComponent::_implode().

Parameters

string $string
A string containing JSON encoded data, or a bare string.

Returns

string|array
Map of key and values

_implode() protected

_implode( array $array )

Implode method that keeps the keys of multidimensional arrays.

Parameters

array $array
Map of key and values

Returns

string
A json encoded string.

Properties detail

$cipherType

protected string

Encryption type.

$cookieNames

protected array

The list of cookies to encrypt/decrypt

$key

protected string

Encryption key to use.

© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/3.8/class-Cake.Http.Middleware.EncryptedCookieMiddleware.html