/** * Load session * @param array $env * @return void */ protected function loadSession() { session_start(); $value = Slim_Http_Util::decodeSecureCookie($this->app->request()->cookies($this->settings['name']), $this->settings['secret'], $this->settings['cipher'], $this->settings['cipher_mode']); if ($value) { $_SESSION = unserialize($value); } else { $_SESSION = array(); } }
/** * Get the value of an encrypted Cookie from the current HTTP request * * Return the value of an encrypted cookie from the current HTTP request, * or return NULL if cookie does not exist. Encrypted cookies created during * the current request will not be available until the next request. * * @param string $name * @return string|false */ public function getEncryptedCookie($name, $deleteIfInvalid = true) { $value = Slim_Http_Util::decodeSecureCookie($this->request->cookies($name), $this->config('cookies.secret_key'), $this->config('cookies.cipher'), $this->config('cookies.cipher_mode')); if ($value === false && $deleteIfInvalid) { $this->deleteCookie($name); } return $value; }
/** * Test encode/decode secure cookie with tampered data * * In this test, the encoded data is purposefully changed to simulate someone * tampering with the client-side cookie data. When decoding the encoded cookie value, * FALSE is returned since the verification key will not match. */ public function testEncodeAndDecodeSecureCookieWithTamperedData() { $value = 'foo'; $expires = time() + 86400; $secret = 'password'; $algorithm = MCRYPT_RIJNDAEL_256; $mode = MCRYPT_MODE_CBC; $encodedValue = Slim_Http_Util::encodeSecureCookie($value, $expires, $secret, $algorithm, $mode); $encodedValueParts = explode('|', $encodedValue); $encodedValueParts[1] = $encodedValueParts[1] . 'changed'; $encodedValue = implode('|', $encodedValueParts); $decodedValue = Slim_Http_Util::decodeSecureCookie($encodedValue, $secret, $algorithm, $mode); $this->assertFalse($decodedValue); }
/** * Load session * @param array $env * @return void */ protected function loadSession(&$env) { $req = new Slim_Http_Request($env); $value = Slim_Http_Util::decodeSecureCookie($req->cookies($this->settings['name']), $this->settings['secret'], $this->settings['cipher'], $this->settings['cipher_mode']); if ($value) { $_SESSION = unserialize($value); } else { $_SESSION = array(); } }