收录日期:2019/08/18 17:18:45 时间:2010-06-16 13:36:11 标签:cakephp,cookies

I noticed in Firefox when viewing the cookies that the values I am saving are encrypted. The CakePHP Book states that values are encrypted by default on write(). My assumption is that they are automatically decrypted on read(). I can't seem to find any gotchas in the doc.

Anyone else experience this problem? I am sure I am missing something.. Would it matter that the value being set is a integer?

I have set the key for the Cookie Component accordingly.

$this->Cookie->key = 'qs#$XOw!';

If you have the Suhosin security patch installed, for some reason the decryption doesn't work at all. Referral to the issue and a potential fix: http://groups.google.com/group/cake-php/browse_thread/thread/7e6cda2e03a7c54/b685c58394d86f50?lnk=gst&q=decrypt+cookie#b685c58394d86f50

Changed in CakePHP version 2.2

The ‘rijndael’ encryption type was added. This fixed the problem for me.

http://book.cakephp.org/2.0/en/core-libraries/components/cookie.html

History:

http://cakephp.lighthouseapp.com/projects/42648/tickets/471-securitycipher-function-cannot-decrypt

Test:

class AppController extends Controller {

    function beforeFilter() 
    {
        // Using "rijndael" encryption because the default "cipher" type of encryption fails to decrypt when PHP has the Suhosin patch installed. 
        // See: http://cakephp.lighthouseapp.com/projects/42648/tickets/471-securitycipher-function-cannot-decrypt
        $this->Cookie->type('rijndael');

        // When using "rijndael" encryption the "key" value must be longer than 32 bytes.
        $this->Cookie->key = 'qSI2423424ASadsadasd2131242334SasdadAWQEAv!@*(XSL#$%)asGb$@11~_+!@#HKis~#^';

        // Works
        $result = $this->Cookie->read('Test.rijndael');
        var_dump($result);
        $this->Cookie->write('Test.rijndael', 'foo');

        // Fails
        $this->Cookie->type('cipher');
        $result = $this->Cookie->read('Test.cipher');
        var_dump($result);
        $this->Cookie->write('Test.cipher', 'foo');
    }
}