Download the PHP package ezimuel/php-secure-session without Composer
On this page you can find all versions of the php package ezimuel/php-secure-session. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package php-secure-session
Short Description Encrypt and authenticate PHP session data using AES-256 and HMAC-SHA256
License BSD-3-Clause
Homepage https://github.com/ezimuel/PHP-Secure-Session
Information about the package php-secure-session
PHP-Secure-Session
About
This project adds encryption to the internal PHP save handlers. It uses the OpenSSL extension to provide encryption with AES-256 and authentication using HMAC-SHA-256.
The SecureHandler class extends the default SessionHandler of PHP and adds only an encryption layer on top of the internal save handler. The session management logic remains the same, which means you can use SecureSession with all the PHP session handlers, such as 'file', 'sqlite', 'memcache' or 'memcached', which are provided by PHP extensions.
Installation
You can install this library using composer with the following command:
After that the PHP-Secure-Session handler will be automatically executed in your project when consuming the vendor/autoload.php file.
Usage
You don't have to do anything to consume this library: the SecureHandler is automatically registered with session_set_save_handler() during the composer autoload.
How it works
The session data are encrypted using a random key stored in a cookie variable starting with the prefix KEY_.
This random key is generated using the random_bytes() function of PHP 7. For PHP 5 versions we used the paragonie/random_compat project, which is a polyfill for random_bytes().
We also generated a random authentication key stored in the same cookie variable. The value stored in the KEY_ cookie is the Base64 representation of the encryption key concatenated with the authentication key.
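The key layout described above, as an added example that is not code from the PHP-Secure-Session project: it splits the Base64 KEY_ cookie value into the two keys, encrypts with AES-256, authenticates with HMAC-SHA256, and verifies the tag before decrypting. The function names, the CBC mode, the 32-byte authentication key and the HMAC | IV | ciphertext layout are assumptions; the page does not specify them.

```php
<?php
// Added illustration. Names, CBC mode and blob layout are assumptions.

// Value for the KEY_ cookie: Base64(encryption key || authentication key).
function newCookieKey(): string
{
    return base64_encode(random_bytes(32) . random_bytes(32));
}

// Decode the cookie value and split it; reject anything that is not 64 bytes.
function splitKey(string $cookieValue): array
{
    $raw = base64_decode($cookieValue, true);
    if ($raw === false || mb_strlen($raw, '8bit') !== 64) {
        throw new InvalidArgumentException('Malformed key cookie');
    }
    return [mb_substr($raw, 0, 32, '8bit'), mb_substr($raw, 32, null, '8bit')];
}

// Encrypt-then-MAC: the HMAC covers IV and ciphertext.
function encryptSession(string $data, string $cookieValue): string
{
    [$encKey, $authKey] = splitKey($cookieValue);
    $iv  = random_bytes(16);
    $ct  = openssl_encrypt($data, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    $mac = hash_hmac('sha256', $iv . $ct, $authKey, true);
    return $mac . $iv . $ct;
}

// Verify the tag in constant time before touching the ciphertext.
function decryptSession(string $blob, string $cookieValue): string
{
    [$encKey, $authKey] = splitKey($cookieValue);
    if (mb_strlen($blob, '8bit') < 64) { // 32 MAC + 16 IV + one AES block
        throw new RuntimeException('Session data too short');
    }
    $mac = mb_substr($blob, 0, 32, '8bit');
    $iv  = mb_substr($blob, 32, 16, '8bit');
    $ct  = mb_substr($blob, 48, null, '8bit');
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $authKey, true), $mac)) {
        throw new RuntimeException('Authentication failed');
    }
    $plain = openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        throw new RuntimeException('Decryption failed');
    }
    return $plain;
}
```

Because the keys live only in the client's cookie, session data stored server-side cannot be decrypted or verified once that cookie is gone; a blob altered in storage fails the HMAC check and is rejected before decryption.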
Demo
You can test the PHP-Secure-Session using the test/demo/index.php example. You can run the demo using the internal web server of PHP with the following command:
If you open the browser to localhost:8000 you will see the demo in action.
Copyright 2011-2018 by Enrico Zimuel
Released under the MIT License
All versions of php-secure-session with dependencies
ext-openssl Version *
ext-mbstring Version *
paragonie/random_compat Version ^2.0.2