Class EncryptedCookieMiddleware
Middleware for encrypting & decrypting cookies.
This middleware layer will encrypt/decrypt the named cookies with the given key and cipher type. To support multiple keys/cipher types use this middleware multiple times.
Cookies in request data will be decrypted, while cookies in response headers will be encrypted automatically. If the response is a \Cake\Http\Response, the cookie data set with `withCookie()` and `cookie()` will also be encrypted.
The encryption types and padding are compatible with those used by CookieComponent for backwards compatibility.
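As an added example (not taken from the CakePHP documentation or source), the sketch below registers the middleware twice in an application's middleware queue so that two groups of cookies are protected with separate keys, as the description above suggests. The cookie names, environment variable names and the `cookieKey()` helper are hypothetical, and the 32-byte minimum is an assumption based on the key length CakePHP's Security class requires for AES.

```php
<?php
declare(strict_types=1);

namespace App;

use Cake\Http\BaseApplication;
use Cake\Http\Middleware\EncryptedCookieMiddleware;
use Cake\Http\MiddlewareQueue;
use RuntimeException;

class Application extends BaseApplication
{
    // Hypothetical helper: load a key from the environment and fail closed
    // if it is missing or too short, instead of falling back to a default.
    // Assumption: AES encryption in Security needs a key of 32+ bytes.
    private function cookieKey(string $envName): string
    {
        $key = (string)getenv($envName);
        if (strlen($key) < 32) {
            throw new RuntimeException("$envName must hold at least 32 bytes.");
        }

        return $key;
    }

    public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
    {
        // One instance per key: each instance only touches the cookies it names.
        $middlewareQueue
            ->add(new EncryptedCookieMiddleware(
                ['prefs', 'locale'],                   // hypothetical cookie names
                $this->cookieKey('COOKIE_KEY_PREFS'),  // hypothetical env variable
                'aes'                                  // the documented default
            ))
            ->add(new EncryptedCookieMiddleware(
                ['cart'],
                $this->cookieKey('COOKIE_KEY_CART')
            ));

        // Cookies not named in any instance are neither encrypted nor
        // decrypted, so every sensitive cookie must be listed above.
        return $middlewareQueue;
    }
}
```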
Property Summary
-
$_validCiphers protected
array<string> Valid cipher names for encrypted cookies.
-
$cipherType protected
string Encryption type.
-
$cookieNames protected
array<string> The list of cookies to encrypt/decrypt
-
$key protected
string Encryption key to use.
Method Summary
__construct() public
Constructor
_checkCipher() protected
Helper method for validating encryption cipher names.
_decode() protected
Decodes and decrypts a single value.
_decrypt() protected
Decrypts $value using public $type method in Security class
_encrypt() protected
Encrypts $value using public $type method in Security class
_explode() protected
Explode method to return array from string set in CookieComponent::_implode(). Maintains reading backwards compatibility with 1.x CookieComponent::_implode().
_getCookieEncryptionKey() protected
Fetch the cookie encryption key.
_implode() protected
Implode method that preserves keys in multidimensional arrays.
decodeCookies() protected
Decode cookies from the request.
encodeCookies() protected
Encode cookies from a response's CookieCollection.
encodeSetCookieHeader() protected
Encode cookies from a response's Set-Cookie header
process() public
Apply cookie encryption/decryption.
Method Detail
__construct() public
__construct(array<string> $cookieNames, string $key, string $cipherType = 'aes')
Constructor
Parameters
array<string> $cookieNames
The list of cookie names that should have their values encrypted.
string $key
The encryption key to use.
string $cipherType (optional)
The cipher type to use. Defaults to 'aes'.
_checkCipher() protected
_checkCipher(string $encrypt): void
Helper method for validating encryption cipher names.
Parameters
string $encrypt
The cipher name.
Returns
void
Throws
RuntimeException
When an invalid cipher is provided.
_decode() protected
_decode(string $value, string|false $encrypt, string|null $key): array|string
Decodes and decrypts a single value.
Parameters
string $value
The value to decode & decrypt.
string|false $encrypt
The encryption cipher to use.
string|null $key
Used as the security salt if specified.
Returns
array|string
_decrypt() protected
_decrypt(array<string>|string $values, string|false $mode, string|null $key = null): array|string
Decrypts $value using public $type method in Security class
Parameters
array<string>|string $values
Values to decrypt
string|false $mode
Encryption mode
string|null $key (optional)
Used as the security salt if specified.
Returns
array|string
_encrypt() protected
_encrypt(array|string $value, string|false $encrypt, string|null $key = null): string
Encrypts $value using public $type method in Security class
Parameters
array|string $value
Value to encrypt
string|false $encrypt
Encryption mode to use. False disables encryption.
string|null $key (optional)
Used as the security salt if specified.
Returns
string
_explode() protected
_explode(string $string): array|string
Explode method to return array from string set in CookieComponent::_implode(). Maintains reading backwards compatibility with 1.x CookieComponent::_implode().
Parameters
string $string
A string containing JSON encoded data, or a bare string.
Returns
array|string
_getCookieEncryptionKey() protected
_getCookieEncryptionKey(): string
Fetch the cookie encryption key.
Part of the CookieCryptTrait implementation.
Returns
string
_implode() protected
_implode(array $array): string
Implode method that preserves keys in multidimensional arrays.
Parameters
array $array
Map of key and values
Returns
string
decodeCookies() protected
decodeCookies(Psr\Http\Message\ServerRequestInterface $request): Psr\Http\Message\ServerRequestInterface
Decode cookies from the request.
Parameters
Psr\Http\Message\ServerRequestInterface $request
The request to decode cookies from.
Returns
Psr\Http\Message\ServerRequestInterface
encodeCookies() protected
encodeCookies(Cake\Http\Response $response): Cake\Http\Response
Encode cookies from a response's CookieCollection.
Parameters
Cake\Http\Response $response
The response to encode cookies in.
Returns
Cake\Http\Response
encodeSetCookieHeader() protected
encodeSetCookieHeader(Psr\Http\Message\ResponseInterface $response): Psr\Http\Message\ResponseInterface
Encode cookies from a response's Set-Cookie header
Parameters
Psr\Http\Message\ResponseInterface $response
The response to encode cookies in.
Returns
Psr\Http\Message\ResponseInterface
process() public
process(ServerRequestInterface $request, RequestHandlerInterface $handler): Psr\Http\Message\ResponseInterface
Apply cookie encryption/decryption.
Processes an incoming server request in order to produce a response. If unable to produce the response itself, it may delegate to the provided request handler to do so.
Parameters
ServerRequestInterface $request
The request.
RequestHandlerInterface $handler
The request handler.
Returns
Psr\Http\Message\ResponseInterface
Property Detail
$_validCiphers protected
Valid cipher names for encrypted cookies.
Type
array<string>
$cipherType protected
Encryption type.
Type
string
$cookieNames protected
The list of cookies to encrypt/decrypt
Type
array<string>
$key protected
Encryption key to use.
Type
string
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.4/class-Cake.Http.Middleware.EncryptedCookieMiddleware.html