CakePHP
  • Documentation
    • Book
    • API
    • Videos
    • Logos & Trademarks
  • Business Solutions
  • Swag
  • Road Trip
  • Team
  • Community
    • Community
    • Team
    • Issues (Github)
    • YouTube Channel
    • Get Involved
    • Bakery
    • Featured Resources
    • Newsletter
    • Certification
    • My CakePHP
    • CakeFest
    • Facebook
    • Twitter
    • Help & Support
    • Forum
    • Stack Overflow
    • IRC
    • Slack
    • Paid Support
CakePHP

C CakePHP 3.7 Red Velvet API

  • Overview
  • Tree
  • Deprecated
  • Version:
    • 3.7
      • 3.7
      • 3.6
      • 3.5
      • 3.4
      • 3.3
      • 3.2
      • 3.1
      • 3.0
      • 2.10
      • 2.9
      • 2.8
      • 2.7
      • 2.6
      • 2.5
      • 2.4
      • 2.3
      • 2.2
      • 2.1
      • 2.0
      • 1.3
      • 1.2

Namespaces

  • Cake
    • Auth
      • Storage
    • Cache
      • Engine
    • Collection
      • Iterator
    • Command
    • Console
      • Exception
    • Controller
      • Component
      • Exception
    • Core
      • Configure
        • Engine
      • Exception
      • Retry
    • Database
      • Driver
      • Exception
      • Expression
      • Schema
      • Statement
      • Type
    • Datasource
      • Exception
    • Error
      • Middleware
    • Event
      • Decorator
    • Filesystem
    • Form
    • Http
      • Client
        • Adapter
        • Auth
      • Cookie
      • Exception
      • Middleware
      • Session
    • I18n
      • Formatter
      • Middleware
      • Parser
    • Log
      • Engine
    • Mailer
      • Exception
      • Transport
    • Network
      • Exception
    • ORM
      • Association
      • Behavior
        • Translate
      • Exception
      • Locator
      • Rule
    • Routing
      • Exception
      • Filter
      • Middleware
      • Route
    • Shell
      • Helper
      • Task
    • TestSuite
      • Fixture
      • Stub
    • Utility
      • Exception
    • Validation
    • View
      • Exception
      • Form
      • Helper
      • Widget
  • None

Classes

  • BodyParserMiddleware
  • CsrfProtectionMiddleware
  • EncryptedCookieMiddleware
  • SecurityHeadersMiddleware

Class EncryptedCookieMiddleware

Middlware for encrypting & decrypting cookies.

This middleware layer will encrypt/decrypt the named cookies with the given key and cipher type. To support multiple keys/cipher types use this middleware multiple times.

Cookies in request data will be decrypted, while cookies in response headers will be encrypted automatically. If the response is a Cake\Http\Response, the cookie data set with withCookie() and `cookie()`` will also be encrypted.

The encryption types and padding are compatible with those used by CookieComponent for backwards compatibility.

Cake\Http\Middleware\EncryptedCookieMiddleware uses Cake\Utility\CookieCryptTrait
Namespace: Cake\Http\Middleware
Location: Http/Middleware/EncryptedCookieMiddleware.php

Properties summary

  • $cipherType protected
    string
    Encryption type.
  • $cookieNames protected
    array
    The list of cookies to encrypt/decrypt
  • $key protected
    string
    Encryption key to use.

Inherited Properties

  • _validCiphers

Method Summary

  • __construct() public
    Constructor
  • __invoke() public
    Apply cookie encryption/decryption.
  • _getCookieEncryptionKey() protected
    Fetch the cookie encryption key.
  • decodeCookies() protected
    Decode cookies from the request.
  • encodeCookies() protected
    Encode cookies from a response's CookieCollection.
  • encodeSetCookieHeader() protected
    Encode cookies from a response's Set-Cookie header

Method Detail

__construct() public ¶

__construct( array $cookieNames , string $key , string $cipherType 'aes' )

Constructor

Parameters
array $cookieNames
The list of cookie names that should have their values encrypted.
string $key
The encryption key to use.
string $cipherType optional 'aes'

The cipher type to use. Defaults to 'aes', but can also be 'rijndael' for backwards compatibility.

__invoke() public ¶

__invoke( Psr\Http\Message\ServerRequestInterface $request , Psr\Http\Message\ResponseInterface $response , callable $next )

Apply cookie encryption/decryption.

Parameters
Psr\Http\Message\ServerRequestInterface $request
The request.
Psr\Http\Message\ResponseInterface $response
The response.
callable $next
The next middleware to call.
Returns
Psr\Http\Message\ResponseInterface
A response.

_getCookieEncryptionKey() protected ¶

_getCookieEncryptionKey( )

Fetch the cookie encryption key.

Part of the CookieCryptTrait implementation.

Returns
string

decodeCookies() protected ¶

decodeCookies( Psr\Http\Message\ServerRequestInterface $request )

Decode cookies from the request.

Parameters
Psr\Http\Message\ServerRequestInterface $request
The request to decode cookies from.
Returns
Psr\Http\Message\ServerRequestInterface
Updated request with decoded cookies.

encodeCookies() protected ¶

encodeCookies( Cake\Http\Response $response )

Encode cookies from a response's CookieCollection.

Parameters
Cake\Http\Response $response
The response to encode cookies in.
Returns
Cake\Http\Response
Updated response with encoded cookies.

encodeSetCookieHeader() protected ¶

encodeSetCookieHeader( Psr\Http\Message\ResponseInterface $response )

Encode cookies from a response's Set-Cookie header

Parameters
Psr\Http\Message\ResponseInterface $response
The response to encode cookies in.
Returns
Psr\Http\Message\ResponseInterface
Updated response with encoded cookies.

Methods used from Cake\Utility\CookieCryptTrait

_checkCipher() protected ¶

_checkCipher( string $encrypt )

Helper method for validating encryption cipher names.

Parameters
string $encrypt
The cipher name.
Throws
RuntimeException
When an invalid cipher is provided.

_decode() protected ¶

_decode( string $value , string|false $encrypt , string|null $key )

Decodes and decrypts a single value.

Parameters
string $value
The value to decode & decrypt.
string|false $encrypt
The encryption cipher to use.
string|null $key
Used as the security salt if specified.
Returns
string|array
Decoded values.

_decrypt() protected ¶

_decrypt( array $values , string|boolean $mode , string|null $key null )

Decrypts $value using public $type method in Security class

Parameters
array $values
Values to decrypt
string|boolean $mode
Encryption mode
string|null $key optional null
Used as the security salt if specified.
Returns
string|array
Decrypted values

_encrypt() protected ¶

_encrypt( string $value , string|boolean $encrypt , string|null $key null )

Encrypts $value using public $type method in Security class

Parameters
string $value
Value to encrypt
string|boolean $encrypt

Encryption mode to use. False disabled encryption.

string|null $key optional null
Used as the security salt if specified.
Returns
string
Encoded values

_explode() protected ¶

_explode( string $string )

Explode method to return array from string set in CookieComponent::_implode() Maintains reading backwards compatibility with 1.x CookieComponent::_implode().

Parameters
string $string
A string containing JSON encoded data, or a bare string.
Returns
string|array
Map of key and values

_implode() protected ¶

_implode( array $array )

Implode method to keep keys are multidimensional arrays

Parameters
array $array
Map of key and values
Returns
string
A json encoded string.

Properties detail

$cipherType ¶

protected string

Encryption type.

$cookieNames ¶

protected array

The list of cookies to encrypt/decrypt

$key ¶

protected string

Encryption key to use.

Follow @CakePHP
#IRC
OpenHub
Rackspace
  • Business Solutions
  • Showcase
  • Documentation
  • Book
  • API
  • Videos
  • Logos & Trademarks
  • Community
  • Team
  • Issues (Github)
  • YouTube Channel
  • Get Involved
  • Bakery
  • Featured Resources
  • Newsletter
  • Certification
  • My CakePHP
  • CakeFest
  • Facebook
  • Twitter
  • Help & Support
  • Forum
  • Stack Overflow
  • IRC
  • Slack
  • Paid Support

Generated using CakePHP API Docs