2017 © Pedro Peláez
 

library secure-client-side-session-handler

Securely store PHP session information on the client side using cookies (session data is encrypted & compressed)


dcro/secure-client-side-session-handler


  • Wednesday, September 17, 2014
  • by dcro
  • Repository
  • 1 Watchers
  • 8 Stars
  • 245 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 1 Versions
  • 7 % Grown

The README.md

PHP Secure Client Side Session Handler

Securely store PHP session information on the client side using encrypted cookies (with AES encryption). This is useful in cases where you don't want to store the session information on a file system or database (typically when using load balancing or multiple servers in different geographical regions).

Because there's a browser limit of around 4KB of data available for cookies, the session data is first compressed using the deflate algorithm. You should also keep in mind that the session data stored in the client side cookie is sent back to the server with every request, so it's important to keep the data as small as possible.

Installation

You can either get the SecureClientSideSessionHandler.php file from Git or you can install the library via Composer. To use Composer, simply add the following to your composer.json file:

{
    "require": {
        "dcro/secure-client-side-session-handler": "dev-master"
    }
}

How to use it?

By default, the class is configured to only set the data cookie over a secure HTTPS connection. This behaviour can be overridden by changing the secureCookie static var to false.

You can also customize the cookie specific settings (name, domain, path, etc.) using the cookieName, cookiePath, cookieDomain and cookieHTTPOnly static vars, or you can customize the data compression level (for the deflate algorithm) using the compressionLevel static var (supported values from 0 to 9).

You can initialize the session handler with:

SecureClientSideSessionHandler::initialize('<your-encryption-key>', '<your-encryption-key-salt>');
session_start();

The encryption key and encryption key salt can be any string values (they don't need to be very long as the final encryption key is a SHA256 hash of the-encryption-key + random-salt + the-encryption-key-salt).
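The cookie pipeline this README describes (deflate, then AES, with the key derived as SHA256 over key + random salt + key salt), as an added PHP example that is not the library's own code. The AES-256-GCM mode, the JSON serialization, the salt/IV/tag layout and the names deriveKey, sealSession and openSession are assumptions of this example; it needs PHP 7.1+ with the OpenSSL extension.

```php
<?php
// Added illustration, not the library's implementation.
// deriveKey(), sealSession() and openSession() are hypothetical helpers.
const COOKIE_LIMIT = 4096; // approximate per-cookie browser limit (~4KB)

function deriveKey(string $key, string $randomSalt, string $keySalt): string
{
    // README formula: SHA256(encryption-key + random-salt + encryption-key-salt).
    // A single hash adds no entropy: the result is only as strong as $key.
    return hash('sha256', $key . $randomSalt . $keySalt, true); // 32 raw bytes
}

function sealSession(array $data, string $key, string $keySalt, int $level = 6): string
{
    $salt  = random_bytes(16);                      // fresh salt for every cookie
    $iv    = random_bytes(12);                      // GCM nonce
    $plain = gzdeflate(json_encode($data), $level); // compress before encrypting
    $tag   = '';
    $cipher = openssl_encrypt($plain, 'aes-256-gcm',
        deriveKey($key, $salt, $keySalt), OPENSSL_RAW_DATA, $iv, $tag);
    $cookie = base64_encode($salt . $iv . $tag . $cipher);
    if (strlen($cookie) > COOKIE_LIMIT) {
        throw new LengthException('session cookie is ' . strlen($cookie) . ' bytes');
    }
    return $cookie;
}

function openSession(string $cookie, string $key, string $keySalt): ?array
{
    $raw = base64_decode($cookie, true);
    if ($raw === false || strlen($raw) <= 44) {     // 16 salt + 12 IV + 16 tag
        return null;
    }
    $salt = substr($raw, 0, 16);
    $iv   = substr($raw, 16, 12);
    $tag  = substr($raw, 28, 16);
    $plain = openssl_decrypt(substr($raw, 44), 'aes-256-gcm',
        deriveKey($key, $salt, $keySalt), OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        return null;                                // tag check failed: reject cookie
    }
    $json = @gzinflate($plain);
    return $json === false ? null : json_decode($json, true);
}

// Constructed sample secrets and session data.
[$key, $keySalt] = ['constructed-demo-key', 'constructed-demo-salt'];
$cookie = sealSession(['user_id' => 42, 'roles' => ['editor']], $key, $keySalt);
var_dump(strlen($cookie), openSession($cookie, $key, $keySalt));
$cookie[50] = $cookie[50] === 'A' ? 'B' : 'A';      // client-side modification
var_dump(openSession($cookie, $key, $keySalt));
```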

If you want to enable the session data cookie over HTTP (disabled by default), you'll need to initialize the session handler with:

SecureClientSideSessionHandler::$cookieSecure = false;
SecureClientSideSessionHandler::initialize('<your-encryption-key>', '<your-encryption-key-salt>');
session_start();

The default cookie name for the session handler is PHPSESSDATA. You can customize the cookie name with:

SecureClientSideSessionHandler::$cookieName = 'CUSTOM-COOKIE-NAME';
SecureClientSideSessionHandler::initialize('<your-encryption-key>', '<your-encryption-key-salt>');
session_start();

The Versions

17/09 2014

dev-master

9999999-dev


GPL-2.0+

The Requires

  • php >=5.4.0

 

by Dan Cotora

cookie client session secure