[Yii2] Cookie signing #4656

Closed
SamMousa opened this issue Nov 30, 2017 · 2 comments

@SamMousa SamMousa commented Nov 30, 2017

What are you trying to achieve?

I'd like to use $I->setCookie() without disabling Yii's cookie validation.

What do you get instead?

The Yii request object filters unsigned cookies.

Details

This could be solved by overriding setCookie in the Yii2 module:

```php
public function setCookie($name, $val, array $params = [])
{
    // Sign the cookie.
    if ($this->app->request->enableCookieValidation) {
        $val = Yii::$app->getSecurity()->hashData(serialize([$name, $val]), $this->app->request->cookieValidationKey);
    }
    parent::setCookie($name, $val, $params);
}
```

The issue is not a technical one, but more a philosophical one: Do we want to support these security features during testing? In my opinion disabling them increases chances of a misconfiguration ending up in production somewhere.
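
Added example, not part of the original issue and not Yii or Codeception code: a standalone model of the signed-cookie check, showing why a raw value set by a test is filtered while a signed `[name, value]` pair is accepted. It assumes HMAC-SHA256 with the hex digest prepended to the serialized payload; `signCookie()`, `loadCookie()` and the key are hypothetical names and constructed values.

```php
<?php
// Standalone model of the cookie signing discussed above. Assumption: the MAC
// is HMAC-SHA256, hex-encoded and prepended to serialize([$name, $value]).
// signCookie() and loadCookie() are hypothetical helpers, not framework API.

const MAC_ALGO = 'sha256';

function signCookie(string $name, $value, string $key): string
{
    $data = serialize([$name, $value]);
    return hash_hmac(MAC_ALGO, $data, $key) . $data;
}

// Returns the cookie value, or null when the cookie would be filtered out.
function loadCookie(string $name, string $raw, string $key)
{
    $macLen = strlen(hash_hmac(MAC_ALGO, '', $key));
    if (strlen($raw) < $macLen) {
        return null; // too short to carry a MAC: an unsigned cookie
    }
    $mac  = substr($raw, 0, $macLen);
    $data = substr($raw, $macLen);
    // Constant-time comparison of the recomputed MAC with the supplied one.
    if (!hash_equals(hash_hmac(MAC_ALGO, $data, $key), $mac)) {
        return null; // unsigned, tampered, or signed with a different key
    }
    $pair = @unserialize($data, ['allowed_classes' => false]);
    // The name is part of the signed payload, so a valid value cannot be
    // replayed under another cookie name.
    if (!is_array($pair) || !isset($pair[0], $pair[1]) || $pair[0] !== $name) {
        return null;
    }
    return $pair[1];
}

$key    = 'constructed-test-key';            // constructed sample key
$signed = signCookie('lang', 'en', $key);

$cases = [
    'signed, correct name'    => ['lang', $signed],
    'raw value, no signature' => ['lang', 'en'],
    'signed for another name' => ['theme', $signed],
    'payload edited after MAC' => ['lang', str_replace('"en"', '"fr"', $signed)],
];
foreach ($cases as $label => [$name, $raw]) {
    $value = loadCookie($name, $raw, $key);
    printf("%-26s %s\n", $label, $value === null ? 'filtered' : "accepted ($value)");
}
```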

@samdark samdark added the Yii label Nov 30, 2017

@samdark samdark commented Nov 30, 2017

Yes. It would be good if it worked out of the box.

SamMousa added a commit to SamMousa/Codeception that referenced this issue Dec 12, 2017

@SamMousa SamMousa commented Dec 12, 2017

See PR #4684

@samdark samdark closed this Dec 14, 2017