Download the PHP package drnasin/mysql-pdo-secure-session-handler without Composer
On this page you can find all versions of the php package drnasin/mysql-pdo-secure-session-handler. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package mysql-pdo-secure-session-handler
Short Description Mysql secure session handler with openssl encryption of session data and 'per session' based lifetime.
License MIT
Homepage https://github.com/drnasin/mysql-pdo-secure-session-handler
Information about the package mysql-pdo-secure-session-handler
About
This is a MySQL PDO secure session handler with openssl encryption/decryption of session data.
The cipher mode used for encryption/decryption is AES-256-CBC.
CBC has an IV and thus needs randomness every time a message is encrypted. Changing a part of the message requires re-encrypting everything after the change. Transmission errors in one ciphertext block completely destroy the plaintext and change the decryption of the next block. Decryption can be parallelized, encryption can't. The plaintext is malleable to a certain degree.
Features
- openssl encryption of session data using the AES-256-CBC cipher, an "encryption key" and an initialisation vector ("IV")
- the "IV" is needed because of the default cipher mode (CBC)
- when a session is created, so is the "IV" for that session. The "IV" is then stored in the database as binary data
- the lifetime of a session is kept in the database because
  - it can't be tampered with that easily
  - calculation of the session's expiration can be left to the database (faster) (example: DELETE FROM sessions WHERE (modified + INTERVAL lifetime SECOND) < NOW())
Usage
Generate your encryption key using:
openssl rand -base64 -out tests/encryption.key 180
(recommended key length is 128 - 256 bits)
then check the included example.
Encryption
As per the cipher mode used (CBC in this case), data is encrypted using:
- the provided encryption key
- an initialisation vector (IV), generated for every session as a string of (pseudo)bytes; its length is in correlation with the cipher mode used (AES = 256 bits = 32 bytes -> meaning: generated "IV" has to be 32 bytes long)
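An added example (not the package's own code) of the per-session IV and AES-256-CBC encryption described above, extended with an HMAC over the IV and ciphertext because CBC on its own leaves the plaintext malleable. The function names, the separate MAC key and the sample payload are assumptions; the IV length is read from openssl_cipher_iv_length() rather than hard-coded (OpenSSL reports 16 bytes for AES-256-CBC, the AES block size).

```php
<?php
// Added example: hypothetical helpers, not the package's API.
const CIPHER = 'aes-256-cbc';

// Per-session IV: ask OpenSSL for the length the cipher expects.
function newSessionIv(): string
{
    return random_bytes(openssl_cipher_iv_length(CIPHER));
}

// Encrypt, then authenticate IV + ciphertext (encrypt-then-MAC).
function sealSessionData(string $data, string $encKey, string $macKey, string $iv): string
{
    $ct = openssl_encrypt($data, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return hash_hmac('sha256', $iv . $ct, $macKey, true) . $ct;
}

// Verify the tag before decrypting; null means the stored row was altered.
function openSessionData(string $blob, string $encKey, string $macKey, string $iv): ?string
{
    if (strlen($blob) <= 32) {
        return null; // too short to hold a 32-byte tag plus ciphertext
    }
    $tag = substr($blob, 0, 32);
    $ct  = substr($blob, 32);
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $tag)) {
        return null;
    }
    $pt = openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? null : $pt;
}

// Constructed sample keys and session payload (assumptions for the demo).
$encKey = random_bytes(32);
$macKey = random_bytes(32);
$iv     = newSessionIv();
$blob   = sealSessionData('user_id|i:42;', $encKey, $macKey, $iv);

var_dump(openSessionData($blob, $encKey, $macKey, $iv) === 'user_id|i:42;');

// A single changed ciphertext bit must be rejected instead of decrypted.
$tampered = $blob;
$tampered[32] = chr(ord($tampered[32]) ^ 0x01);
var_dump(openSessionData($tampered, $encKey, $macKey, $iv) === null);
```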
Database
@see SessionHandler::createTable()
Usage
composer require drnasin/mysql-pdo-secure-session-handler
or git clone the repo.
Example
check example.php
If you need any help let me know. Just use the "Issues" tab...
Tests
Update database variables in tests/phpunit.xml, then
run: composer tests
Code coverage
Code coverage will be generated in tests/code-coverage-report directory.
All versions of mysql-pdo-secure-session-handler with dependencies
ext-openssl Version *
ext-pdo Version *