php session encryption

4.6k Views Asked by Paul At 16 May 2025 at 22:07

I'd like to have sessions data encrypted like they are in suhosin, is there any library out there providing that?

There are 2 best solutions below

Jestep On 08 November 2009 at 14:26 BEST ANSWER

You could easily use mcrypt or a custom AES encryption to encrypt session data. The best bet would to create a session wrapper class that encrypts variables when you set them.

For key management, you could create a unique key and store it in a cookie, so that only the user can decrypt their own session data.

d.raev On 13 June 2013 at 07:26

There exampleimplementation for Zend Framework here: http://www.eschrade.com/page/encrypted-session-handler-4ce2fce4/

the important functions for reference:

// $this->secredKey is stored in a cookie
// $this->_iv is created at the start
public function setEncrypted($key, $value)
{
    $_SESSION[$key] = bin2hex(
        mcrypt_encrypt(
            MCRYPT_3DES,
            $this->secretKey,
            $value,
            MCRYPT_MODE_CBC,
            $this->_iv
        )
    );
}

public function getEncrypted($key)
{
    if (isset($_SESSION[$key])) {
        $decrypt = mcrypt_decrypt(
            MCRYPT_3DES,
            $this->secretKey,
            pack(
                'H*',
                $_SESSION[$key]
            ),
            MCRYPT_MODE_CBC,
            $this->_iv
        );
        return rtrim($decrypt, "\0"); // remove null characters off of the end
    }
    return null;
}

php session encryption

There are 2 best solutions below

Related Questions in PHP

Related Questions in SECURITY

Related Questions in ENCRYPTION

Related Questions in SESSION

Related Questions in SUHOSIN

Trending Questions

Popular # Hahtags

Popular Questions