Middlware for encrypting & decrypting cookies.
This middleware layer will encrypt/decrypt the named cookies with the given key and cipher type. To support multiple keys/cipher types use this middleware multiple times.
Cookies in request data will be decrypted, while cookies in response headers will be encrypted automatically. If the response is a Cake\Http\Response, the cookie data set with withCookie()
and `cookie()`` will also be encrypted.
The encryption types and padding are compatible with those used by CookieComponent for backwards compatibility.
$cipherType
protected string
$cookieNames
protected array
$key
protected string
__construct( array $cookieNames , string $key , string $cipherType 'aes' )
Constructor
$cookieNames
$key
$cipherType
optional 'aes' The cipher type to use. Defaults to 'aes', but can also be 'rijndael' for backwards compatibility.
__invoke( Psr\Http\Message\ServerRequestInterface $request , Psr\Http\Message\ResponseInterface $response , callable $next )
Apply cookie encryption/decryption.
$request
$response
$next
_getCookieEncryptionKey( )
Fetch the cookie encryption key.
Part of the CookieCryptTrait implementation.
decodeCookies( Psr\Http\Message\ServerRequestInterface $request )
Decode cookies from the request.
$request
encodeCookies( Cake\Http\Response $response )
Encode cookies from a response's CookieCollection.
Cake\Http\Response
$response
Cake\Http\Response
encodeSetCookieHeader( Psr\Http\Message\ResponseInterface $response )
Encode cookies from a response's Set-Cookie header
$response
_checkCipher( string $encrypt )
Helper method for validating encryption cipher names.
$encrypt
_decode( string $value , string|false $encrypt , string|null $key )
Decodes and decrypts a single value.
$value
$encrypt
$key
_decrypt( array $values , string|boolean $mode , string|null $key null )
Decrypts $value using public $type method in Security class
$values
$mode
$key
optional null _encrypt( string $value , string|boolean $encrypt , string|null $key null )
Encrypts $value using public $type method in Security class
$value
$encrypt
Encryption mode to use. False disabled encryption.
$key
optional null _explode( string $string )
Explode method to return array from string set in CookieComponent::_implode() Maintains reading backwards compatibility with 1.x CookieComponent::_implode().
$string
_implode( array $array )
Implode method to keep keys are multidimensional arrays
$array
© 2005–2018 The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/3.5/class-Cake.Http.Middleware.EncryptedCookieMiddleware.html