muhammetsafak / secret-cookies
It offers a more secure cookie storage opportunity by encrypting cookies.
Requires
- php: >=7.4
- initphp/encryption: ^1.0
- initphp/parameterbag: ^1.0
README
It offers a more secure cookie storage opportunity by encrypting cookies.
Requirements
- PHP 7.4 or higher
- InitPHP ParameterBag Library
- InitPHP Encryption Library
Note : The above libraries may have specific requirements (like OpenSSL and MB_String).
Installation
composer require muhammetsafak/secret-cookies
Configuration
$options = [ 'algo' => 'SHA256', // String : OpenSSL Algorithm 'cipher' => 'AES-256-CTR', // String : OpenSSL Cipher 'key' => 'SecretCookie', // String : Top Secret Key 'ttl' => 3600, // Integer : Seconds - LifeTime 'path' => '/', // String 'domain' => null, // Null or String. If it is empty, it is not used. 'secure' => false, // Boolean 'httponly' => true, // Boolean 'samesite' => 'Strict', // "None", "Lax" or "Strict" ];
Very Important Note : For security purposes, the key
must be specified. Otherwise, using this library is just a burden for your server. Users' cookie data is encrypted and decrypted with this key.
Usage
require_once "vendor/autoload.php"; use MuhammetSafak\SecretCookies\Segment; // See the configuration section for detailed information. $options = []; $cookie = new Segment('cookieName', $options); $cookie->set('username', 'muhammetsafak') ->set('mail', 'info@muhammetsafak.com.tr');
Performance
Encryption and decryption can become a huge burden for servers in some cases. This library; it tries to avoid a repeated encryption and decryption every time.
Normally, decryption is performed with the __construct()
method only, and encryption with the __destruct()
method. If you still manage to escape the __destruct()
method for some reason; you have the save()
method that will make the changes permanent by sending them to the user's browser.
Methods
has()
It checks if the data is defined using the current key in the segment.
public function has(string $key): bool;
get()
Returns the value of the specified key. Otherwise $default
returns the given value.
public function get(string $key, $default = null): mixed;
set()
Defines the value of the specified key.
public function set(string $key, $value): self;
Note : This method change takes effect after it but does not send it directly to the user's browser. The save()
method should work or the object should terminate correctly for the changes to be sent to the user browser. Why and in which case the save()
method is a must is explained in the Performance section.
remove()
public function remove(string $key): self;
Note : This method change takes effect after it but does not send it directly to the user's browser. The save()
method should work or the object should terminate correctly for the changes to be sent to the user browser. Why and in which case the save()
method is a must is explained in the Performance section.
save()
If any, it sends the changes to the user's browser, making them permanent/valid. If the object is terminated correctly; PHP will run it automatically with the help of the __destruct()
method.
public function save(): void;
getDebug()
If a known error is encountered; we keep it in an array. The getDebug()
method returns known errors, if any.
public function getDebug(): string[];
Getting Help
If you have questions, concerns, bug reports, etc, please file an issue in this repository's Issue Tracker.
Contributing
All contributions to this project will be published under the MIT License. By submitting a pull request or filing a bug, issue, or feature request, you are agreeing to comply with this waiver of copyright interest.
- Fork it ( https://github.com/muhammetsafak/secret-cookies/fork )
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am "Add some feature")
- Push to the branch (git push origin my-new-feature)
- Create a new Pull Request
Credits
License
Copyright © 2022 MIT License