psecio/session-encrypt

An encrypted session handler for PHP

0.1 2014-03-22 14:20 UTC

This package is not auto-updated.

Last update: 2024-11-19 04:08:47 UTC


README

This is a custom encrypted session handler for PHP (using session_set_save_handler). It is compatible with just about any version of PHP out there and doesn't use the newer SessionHandler interface.

Example Usage

<?php

require_once 'vendor/autoload.php';

$salt = 'b6a8904db8ef59b3a4c6841e6eddf048a9194208';
Psecio\SessionEncrypt\Handler::init($salt);
session_start();

?>

The value for $salt should be as randomized as possible as it's used to encrypt the data with mcrypt_decrypt. The handler uses MCRYPT_RIJNDAEL_256 and MCRYPT_MODE_CBC to encrypt the data. It will store the session files in the path defined by the session.save_path or, if it's not set, will default to /tmp.

NOTE: Because of the need for encryption in this handler, you are required to have the mcrypt functionality included in your PHP installation.