Class EncryptedCookieMiddleware

Middlware for encrypting & decrypting cookies.

This middleware layer will encrypt/decrypt the named cookies with the given key and cipher type. To support multiple keys/cipher types use this middleware multiple times.

Cookies in request data will be decrypted, while cookies in response headers will be encrypted automatically. If the response is a Cake\Http\Response, the cookie data set with withCookie() and `cookie()`` will also be encrypted.

The encryption types and padding are compatible with those used by CookieComponent for backwards compatibility.

Properties summary

  • $_validCiphers protected
    string[]

    Valid cipher names for encrypted cookies.

  • $cipherType protected
    string

    Encryption type.

  • $cookieNames protected
    string[]

    The list of cookies to encrypt/decrypt

  • $key protected
    string

    Encryption key to use.

Method Summary

  • __construct() public

    Constructor

  • _checkCipher() protected

    Helper method for validating encryption cipher names.

  • _decode() protected

    Decodes and decrypts a single value.

  • _decrypt() protected

    Decrypts $value using public $type method in Security class

  • _encrypt() protected

    Encrypts $value using public $type method in Security class

  • _explode() protected

    Explode method to return array from string set in CookieComponent::_implode() Maintains reading backwards compatibility with 1.x CookieComponent::_implode().

  • _getCookieEncryptionKey() protected

    Fetch the cookie encryption key.

  • _implode() protected

    Implode method to keep keys are multidimensional arrays

  • decodeCookies() protected

    Decode cookies from the request.

  • encodeCookies() protected

    Encode cookies from a response's CookieCollection.

  • encodeSetCookieHeader() protected

    Encode cookies from a response's Set-Cookie header

  • process() public

    Apply cookie encryption/decryption.

Method Detail

__construct() public

__construct(array $cookieNames, string $key, string $cipherType)

Constructor

Parameters

string[] $cookieNames

The list of cookie names that should have their values encrypted.

string $key

The encryption key to use.

string $cipherType optional

The cipher type to use. Defaults to 'aes'.

_checkCipher() protected

_checkCipher(string $encrypt)

Helper method for validating encryption cipher names.

Parameters

string $encrypt

The cipher name.

Throws

RuntimeException
When an invalid cipher is provided.

_decode() protected

_decode(string $value, mixed $encrypt, ?string $key)

Decodes and decrypts a single value.

Parameters

string $value

The value to decode & decrypt.

string|false $encrypt

The encryption cipher to use.

string|null $key

Used as the security salt if specified.

Returns

string|array

Decoded values.

_decrypt() protected

_decrypt(mixed $values, mixed $mode, ?string $key)

Decrypts $value using public $type method in Security class

Parameters

string[]|string $values

Values to decrypt

string|false $mode

Encryption mode

string|null $key optional

Used as the security salt if specified.

Returns

string|array

Decrypted values

_encrypt() protected

_encrypt(mixed $value, mixed $encrypt, ?string $key)

Encrypts $value using public $type method in Security class

Parameters

string|array $value

Value to encrypt

string|false $encrypt

Encryption mode to use. False disabled encryption.

string|null $key optional

Used as the security salt if specified.

Returns

string

Encoded values

_explode() protected

_explode(string $string)

Explode method to return array from string set in CookieComponent::_implode() Maintains reading backwards compatibility with 1.x CookieComponent::_implode().

Parameters

string $string

A string containing JSON encoded data, or a bare string.

Returns

string|array

Map of key and values

_getCookieEncryptionKey() protected

_getCookieEncryptionKey()

Fetch the cookie encryption key.

Part of the CookieCryptTrait implementation.

Returns

string

_implode() protected

_implode(array $array)

Implode method to keep keys are multidimensional arrays

Parameters

array $array

Map of key and values

Returns

string

A JSON encoded string.

decodeCookies() protected

decodeCookies(\Psr\Http\Message\ServerRequestInterface $request)

Decode cookies from the request.

Parameters

\Psr\Http\Message\ServerRequestInterface $request

The request to decode cookies from.

Returns

\Psr\Http\Message\ServerRequestInterface

Updated request with decoded cookies.

encodeCookies() protected

encodeCookies(\Cake\Http\Response $response)

Encode cookies from a response's CookieCollection.

Parameters

\Cake\Http\Response $response

The response to encode cookies in.

Returns

\Cake\Http\Response

Updated response with encoded cookies.

encodeSetCookieHeader() protected

encodeSetCookieHeader(\Psr\Http\Message\ResponseInterface $response)

Encode cookies from a response's Set-Cookie header

Parameters

\Psr\Http\Message\ResponseInterface $response

The response to encode cookies in.

Returns

\Psr\Http\Message\ResponseInterface

Updated response with encoded cookies.

process() public

process(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Server\RequestHandlerInterface $handler)

Apply cookie encryption/decryption.

Parameters

\Psr\Http\Message\ServerRequestInterface $request

The request.

\Psr\Http\Server\RequestHandlerInterface $handler

The request handler.

Returns

\Psr\Http\Message\ResponseInterface

A response.

Property Detail

$_validCiphers protected

Valid cipher names for encrypted cookies.

Type

string[]

$cipherType protected

Encryption type.

Type

string

$cookieNames protected

The list of cookies to encrypt/decrypt

Type

string[]

$key protected

Encryption key to use.

Type

string

© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.1/class-Cake.Http.Middleware.EncryptedCookieMiddleware.html