2017 © Pedro Peláez
 

cakephp-plugin cakephp-encrypted-session

Encrypted Session Middleware which encrypts the session on server-side with a per-user key.

image

lukeelten/cakephp-encrypted-session

Encrypted Session Middleware which encrypts the session on server-side with a per-user key.

  • Tuesday, April 24, 2018
  • by lukeelten
  • Repository
  • 1 Watchers
  • 1 Stars
  • 43 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 4 Versions
  • 105 % Grown

The README.md

CakePHP Session Encryption

This is a CakePHP Plugin which encrypts a user's session data transparently before storing it. The session data will be automatically decrypted during the next request., (*1)

Why do I need this?

The new GDPR regulation does not enforce encryption on personal data, nevertheless it is recommended to encrypt personal data everywhere, especially at rest. A saved session is simply data stored at rest., (*2)

Due to user authorization or other application features, the session often contains data which can be classified as personal data according to the GDPR. Therefore encrypting them is a reasonable safety measure to prevent data breaches., (*3)

To increase security, a unique encryption key is generated for each user and stored into a cookie. Keeping the key away from the server, makes decrypting all of the session data at once a very hard task., (*4)

Installation

Install plugin using composer:, (*5)

composer require lukeelten/cakephp-encrypted-session

The plugin does not need any loading during bootstrap., (*6)

Configuration

There are several options to configure the behavior, nevertheless the plugin contains a useful set of default values so you do not need any configuration at all., (*7)

Nevertheless, it is recommended to configure at least an encryption salt, otherwise Security.salt will be used., (*8)

Possible options to add to application config:, (*9)

'Session' => [
    "Encryption" => [
        "salt" => getenv("SESSION_SALT", "default-salt"), // Server side salt; fill in random string
        "cookieName" => "CAKE_SESSION_KEY", // Cookie name
        "expire" => strtotime("+1 year"), // Default cookie lifetime
        "secure" => false, // Use with https only
        "path" => "/" // Cookie path
    ]
]

Usage

Simply add the middleware to your Application middleware setup (Application.php), (*10)

$middleware->add(new EncryptedSessionMiddleware());

Important Note:

If this middleware is used in combination with EncryptedCookieMiddleware and you want to encrypt the session key cookie as well, you must ensure, that the EncryptedCookieMiddleware is loaded into the middleware chain BEFORE the EncryptedSessionMiddleware., (*11)

$middleware->add(new EncryptedCookieMiddleware())
    ->add(new EncryptedSessionMiddleware());

The Versions

24/04 2018

dev-master

9999999-dev

Encrypted Session Middleware which encrypts the session on server-side with a per-user key.

  Sources   Download

MIT

The Requires

 

The Development Requires

by Tobias Derksen

cakephp encryption session

24/04 2018

1.0.2

1.0.2.0

Encrypted Session Middleware which encrypts the session on server-side with a per-user key.

  Sources   Download

MIT

The Requires

 

The Development Requires

by Tobias Derksen

cakephp encryption session

24/04 2018

1.0.1

1.0.1.0

Encrypted Session Middleware which encrypts the session on server-side with a per-user key.

  Sources   Download

MIT

The Requires

 

The Development Requires

by Tobias Derksen

cakephp encryption session

24/04 2018

1.0.0

1.0.0.0

Encrypted Session Middleware which encrypts the session on server-side with a per-user key.

  Sources   Download

MIT

The Requires

 

The Development Requires

by Tobias Derksen

cakephp encryption session