/**
 * Emits every pending cookie and expires every cookie queued for removal.
 *
 * Values in $_stored are written with setcookie() once per request only
 * (tracked through $_saved); names in $_destroyed are expired by sending
 * an expiry time one day in the past.
 *
 * NOTE(review): setcookie() is called without the secure/httponly
 * arguments, so these cookies default to being readable from script and
 * sent over plain HTTP — confirm that is intended for the values stored
 * here (the serialized session payload in particular).
 */
public static function save()
{
    $store = CookieStore::get_current();

    // Pending cookies stay valid for thirty minutes from now.
    $expiresAt = time() + 30 * 60;

    if (!empty($store->_stored)) {
        foreach ($store->_stored as $name => $value) {
            if (!empty($store->_saved[$name])) {
                continue; // already emitted during this request
            }
            setcookie($name, $store->_to_cookie_val($value), $expiresAt, '/', DOMAIN);
            $store->_saved[$name] = 1;
        }
    }

    if (!empty($store->_destroyed)) {
        // A past expiry tells the browser to drop the cookie; the value is irrelevant.
        $removalTime = time() - 86400;
        foreach (array_keys($store->_destroyed) as $name) {
            setcookie($name, 0, $removalTime, '/', DOMAIN);
        }
    }
}
$cookie = $a[0]; $cookie->set("name", "fernyb"); $cookie->set("id", "100"); $cookie->save(); $session_data = $cookie->session_data; list($data, $signature) = explode("--", $session_data, 2); $new_data = base64_decode($data); $new_data = unserialize($new_data); # make changes to the data $new_data["name"] = "Michael Scott"; $new_data["id"] = "200"; $new_data = base64_encode(serialize($new_data)); # Since we don't know how the signature is generated # We just assume is a sha1 hash and because we don't # the servers secret key it should not be allowed to load. $new_sig = sha1($new_data); # This will be sent back to the server $tampered_session_data = "{$new_data}--{$new_sig}"; $new_request = new CookieStore(array("session_key" => $cookie->key, "secret" => $cookie->secret)); # # The data will attempt to load the session_data if tampered with # It will not load and just return an empty string. # # The only to determine if the data was changed is # by the sha1 hash that uses are secret key # $loaded_data = $new_request->load_session($tampered_session_data); assert_equal($loaded_data, ""); assert_equal(0, count($new_request->params)); }); });
/**
 * Queues this cookie for removal and flushes the store right away, so the
 * expiring Set-Cookie header is part of the current response.
 */
public function destroy()
{
    $name = $this->_name;
    CookieStore::destroy($name);
    // Flush immediately rather than waiting for the request-level save.
    CookieStore::save();
}