示例#1
0
 /**
  * Set encrypted HTTP cookie
  *
  * @param string    $name       The cookie name
  * @param mixed     $value      The cookie value
  * @param mixed     $expires    The duration of the cookie;
  *                                  If integer, should be UNIX timestamp;
  *                                  If string, converted to UNIX timestamp with `strtotime`;
  * @param string    $path       The path on the server in which the cookie will be available on
  * @param string    $domain     The domain that the cookie is available to
  * @param bool      $secure     Indicates that the cookie should only be transmitted over a secure
  *                              HTTPS connection from the client
  * @param  bool     $httponly   When TRUE the cookie will be made accessible only through the HTTP protocol
  */
 public function setEncryptedCookie($name, $value, $expires = null, $path = null, $domain = null, $secure = null, $httponly = null)
 {
     $expires = is_null($expires) ? $this->config('cookies.lifetime') : $expires;
     if (is_string($expires)) {
         $expires = strtotime($expires);
     }
     $secureValue = \Slim\Http\Util::encodeSecureCookie($value, $expires, $this->config('cookies.secret_key'), $this->config('cookies.cipher'), $this->config('cookies.cipher_mode'));
     $this->setCookie($name, $secureValue, $expires, $path, $domain, $secure, $httponly);
 }
示例#2
0
 /**
  * Test encode/decode secure cookie with tampered data
  *
  * In this test, the encoded data is purposefully changed to simulate someone
  * tampering with the client-side cookie data. When decoding the encoded cookie value,
  * FALSE is returned since the verification key will not match.
  */
 public function testEncodeAndDecodeSecureCookieWithTamperedData()
 {
     $value = 'foo';
     $expires = time() + 86400;
     $secret = 'password';
     $algorithm = MCRYPT_RIJNDAEL_256;
     $mode = MCRYPT_MODE_CBC;
     $encodedValue = \Slim\Http\Util::encodeSecureCookie($value, $expires, $secret, $algorithm, $mode);
     $encodedValueParts = explode('|', $encodedValue);
     $encodedValueParts[1] = $encodedValueParts[1] . 'changed';
     $encodedValue = implode('|', $encodedValueParts);
     $decodedValue = \Slim\Http\Util::decodeSecureCookie($encodedValue, $secret, $algorithm, $mode);
     $this->assertFalse($decodedValue);
 }
示例#3
0
 /**
  * Save session
  */
 protected function saveSession()
 {
     $value = \Slim\Http\Util::encodeSecureCookie(serialize($_SESSION), $this->settings['expires'], $this->settings['secret'], $this->settings['cipher'], $this->settings['cipher_mode']);
     if (strlen($value) > 4096) {
         $this->app->getLog()->error('WARNING! Slim\\Middleware\\SessionCookie data size is larger than 4KB. Content save failed.');
     } else {
         $this->app->response()->setCookie($this->settings['name'], array('value' => $value, 'domain' => $this->settings['domain'], 'path' => $this->settings['path'], 'expires' => $this->settings['expires'], 'secure' => $this->settings['secure'], 'httponly' => $this->settings['httponly']));
     }
     session_destroy();
 }