/**
* Set encrypted HTTP cookie
*
* @param string $name The cookie name
* @param mixed $value The cookie value
* @param mixed $expires The duration of the cookie;
* If integer, should be UNIX timestamp;
* If string, converted to UNIX timestamp with `strtotime`;
* @param string $path The path on the server in which the cookie will be available on
* @param string $domain The domain that the cookie is available to
* @param bool $secure Indicates that the cookie should only be transmitted over a secure
* HTTPS connection from the client
* @param bool $httponly When TRUE the cookie will be made accessible only through the HTTP protocol
*/
public function setEncryptedCookie($name, $value, $expires = null, $path = null, $domain = null, $secure = null, $httponly = null)
{
$expires = is_null($expires) ? $this->config('cookies.lifetime') : $expires;
if (is_string($expires)) {
$expires = strtotime($expires);
}
$secureValue = \Slim\Http\Util::encodeSecureCookie($value, $expires, $this->config('cookies.secret_key'), $this->config('cookies.cipher'), $this->config('cookies.cipher_mode'));
$this->setCookie($name, $secureValue, $expires, $path, $domain, $secure, $httponly);
}
/**
* Test encode/decode secure cookie with tampered data
*
* In this test, the encoded data is purposefully changed to simulate someone
* tampering with the client-side cookie data. When decoding the encoded cookie value,
* FALSE is returned since the verification key will not match.
*/
public function testEncodeAndDecodeSecureCookieWithTamperedData()
{
$value = 'foo';
$expires = time() + 86400;
$secret = 'password';
$algorithm = MCRYPT_RIJNDAEL_256;
$mode = MCRYPT_MODE_CBC;
$encodedValue = \Slim\Http\Util::encodeSecureCookie($value, $expires, $secret, $algorithm, $mode);
$encodedValueParts = explode('|', $encodedValue);
$encodedValueParts[1] = $encodedValueParts[1] . 'changed';
$encodedValue = implode('|', $encodedValueParts);
$decodedValue = \Slim\Http\Util::decodeSecureCookie($encodedValue, $secret, $algorithm, $mode);
$this->assertFalse($decodedValue);
}
/**
* Save session
*/
protected function saveSession()
{
$value = \Slim\Http\Util::encodeSecureCookie(serialize($_SESSION), $this->settings['expires'], $this->settings['secret'], $this->settings['cipher'], $this->settings['cipher_mode']);
if (strlen($value) > 4096) {
$this->app->getLog()->error('WARNING! Slim\\Middleware\\SessionCookie data size is larger than 4KB. Content save failed.');
} else {
$this->app->response()->setCookie($this->settings['name'], array('value' => $value, 'domain' => $this->settings['domain'], 'path' => $this->settings['path'], 'expires' => $this->settings['expires'], 'secure' => $this->settings['secure'], 'httponly' => $this->settings['httponly']));
}
session_destroy();
}
