Download the PHP package ezimuel/php-secure-session without Composer

On this page you can find all versions of the php package ezimuel/php-secure-session. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of ezimuel/php-secure-session

Informations about the package php-secure-session

PHP-Secure-Session

Build Status Coverage Status

About

This project adds encryption to internal PHP save handlers. It uses OpenSSL extension to provide encryption with AES-256 and authentication using HMAC-SHA-256.

The SecureHandler class extends the default SessionHandler of PHP and it adds only an encryption layer on the internal save handler. The session management logic remains the same, that means you can use SecureSession with all the PHP session handlers like 'file', 'sqlite', 'memcache' or 'memcached' which are provided by PHP extensions.

Installation

You can install this library using composer with the following command:

After that the PHP-Secure-Session handler will be automatically executed in your project when consuming the vendor/autoload.php file.

Usage

You don't have to do nothing to consume this library, the SecureHandler is automatically registered with session_set_save_handler() during the composer autoload.

How it works

The session data are encrypted using a random key stored in a cookie variable starting with the prefix KEY_.

This random key is generated using the random_bytes() function of PHP 7. For PHP 5 versions we used the paragonie/random_compat project that is a polyfill for random_bytes().

We also generated a random authentication key stored in the same cookie variable. The value stored in the KEY_ cookie is the Base64 representation of the encryption key concatenated with the authentication key.

Demo

You can test the PHP-Secure-Session using the test/demo/index.php example. You can run the demo using the internal web server of PHP with the following command:

If you open the browser to localhost:8000 you will see the demo in action.

Copyright 2011-2018 by Enrico Zimuel

Released under the MIT License

All versions of php-secure-session with dependencies

PHP Build Version
Package Version
Requires php Version ^5.6 || ^7.0
ext-openssl Version *
ext-mbstring Version *
paragonie/random_compat Version ^2.0.2
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package ezimuel/php-secure-session contains the following files

Loading the files please wait ....