tourze / cookie-encrypt-bundle
A Symfony Bundle for automatically encrypting and decrypting specific cookies
Installs: 6
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
pkg:composer/tourze/cookie-encrypt-bundle
Requires
- php: ^8.1
- symfony/config: ^6.4
- symfony/dependency-injection: ^6.4
- symfony/event-dispatcher: ^6.4
- symfony/framework-bundle: ^6.4
- symfony/http-foundation: ^6.4
- symfony/http-kernel: ^6.4
- symfony/yaml: ^6.4 || ^7.1
Requires (Dev)
- phpstan/phpstan: ^2.1
- phpunit/phpunit: ^10.0
This package is auto-updated.
Last update: 2025-10-31 19:53:53 UTC
README
A Symfony Bundle for automatically encrypting and decrypting specific cookies, particularly useful for deployment environments with strict WAF (Web Application Firewall) rules, such as Azure.
Features
- Automatic encryption of specified cookies in responses
- Automatic decryption of specified cookies in requests
- Uses XOR encryption algorithm with base64 encoding
- Zero configuration after initial setup
- Seamless integration with Symfony's event system
Requirements
- PHP 8.1 or higher
- Symfony 6.4 or higher
Installation
Install via Composer:
composer require tourze/cookie-encrypt-bundle
Configuration
1. Set Encryption Key
Add the encryption key to your .env file:
COOKIE_XOR_SECURITY_KEY=your_secure_key_here
⚠️ Important:
- Use a strong, random encryption key
- Keep the key secret and never commit it to version control
- Consider using different keys for different environments
2. Register the Bundle
If not using Symfony Flex, register the bundle in config/bundles.php:
return [ // ...other bundles Tourze\CookieEncryptBundle\CookieEncryptBundle::class => ['all' => true], ];
Usage
Once installed and configured, the bundle automatically handles encryption/decryption for the following cookies:
sf_redirect- Symfony's redirect cookie
The bundle works transparently:
- On Request: Automatically decrypts encrypted cookies before your application processes them
- On Response: Automatically encrypts cookies before sending them to the client
How It Works
- When a request arrives, the
CookieEncryptSubscriberchecks for encrypted cookies - If found, it decrypts them using the XOR algorithm and replaces the encrypted values
- Your application works with the decrypted values normally
- Before sending the response, the subscriber encrypts the cookie values again
Advanced Configuration
Custom Cookie Names
To encrypt additional cookies, extend the CookieEncryptSubscriber class:
namespace App\EventSubscriber; use Tourze\CookieEncryptBundle\EventSubscriber\CookieEncryptSubscriber; class CustomCookieEncryptSubscriber extends CookieEncryptSubscriber { protected array $names = [ 'sf_redirect', 'my_custom_cookie', 'another_cookie', ]; }
Then override the service definition in your config/services.yaml:
services: Tourze\CookieEncryptBundle\EventSubscriber\CookieEncryptSubscriber: class: App\EventSubscriber\CustomCookieEncryptSubscriber
Security Considerations
- The XOR encryption is designed for WAF bypass, not cryptographic security
- Always use HTTPS in production to prevent man-in-the-middle attacks
- Rotate encryption keys periodically
- Store encryption keys securely (use Symfony secrets management)
Testing
Run the test suite:
# From the monorepo root ./vendor/bin/phpunit packages/cookie-encrypt-bundle/tests # Run with PHPStan php -d memory_limit=2G ./vendor/bin/phpstan analyse packages/cookie-encrypt-bundle
Troubleshooting
InvalidEncryptionKeyException
This exception is thrown when:
- The
COOKIE_XOR_SECURITY_KEYenvironment variable is not set - The encryption key is empty or contains only whitespace
Solution: Ensure you have set a valid encryption key in your .env file.
Cookies Not Being Encrypted
Check that:
- The bundle is properly registered
- The encryption key is set
- The cookie name is in the list of cookies to encrypt
Contributing
Please see the main monorepo README for contribution guidelines.
License
MIT