The SecureHandler class extends the default
SessionHandler of PHP and
it adds only an encryption layer on the internal save handler.
The session management logic remains the same, that means you can use
SecureSession with all the PHP session handlers like 'file', 'sqlite',
'memcache' or 'memcached' which are provided by PHP extensions.
You can install this library using composer with the following command:
composer require ezimuel/php-secure-session
After that the PHP-Secure-Session handler will be automatically executed in your
project when consuming the
How it works
The session data are encrypted using a random key stored in a cookie variable
starting with the prefix
We also generated a random authentication key stored in the same cookie variable.
The value stored in the
KEY_ cookie is the Base64
representation of the encryption key concatenated with the authentication key.
You can test the PHP-Secure-Session using the test/demo/index.php example. You can run the demo using the internal web server of PHP with the following command:
php -S 0.0.0.0:8000 -t test/demo
If you open the browser to localhost:8000 you will see the demo in action.
Copyright 2011-2018 by Enrico Zimuel
Released under the MIT License