DEVHIDE
Login Or Sign up

php session encryption

4.6k Views Asked by At

I'd like to have sessions data encrypted like they are in suhosin, is there any library out there providing that?

php security encryption session suhosin
Original Q&A
2

There are 2 best solutions below

1
Jestep On BEST ANSWER

You could easily use mcrypt or a custom AES encryption to encrypt session data. The best bet would to create a session wrapper class that encrypts variables when you set them.

For key management, you could create a unique key and store it in a cookie, so that only the user can decrypt their own session data.

0
d.raev On

There exampleimplementation for Zend Framework here: http://www.eschrade.com/page/encrypted-session-handler-4ce2fce4/

the important functions for reference:

// $this->secredKey is stored in a cookie
// $this->_iv is created at the start
public function setEncrypted($key, $value)
{
    $_SESSION[$key] = bin2hex(
        mcrypt_encrypt(
            MCRYPT_3DES,
            $this->secretKey,
            $value,
            MCRYPT_MODE_CBC,
            $this->_iv
        )
    );
}

public function getEncrypted($key)
{
    if (isset($_SESSION[$key])) {
        $decrypt = mcrypt_decrypt(
            MCRYPT_3DES,
            $this->secretKey,
            pack(
                'H*',
                $_SESSION[$key]
            ),
            MCRYPT_MODE_CBC,
            $this->_iv
        );
        return rtrim($decrypt, "\0"); // remove null characters off of the end
    }
    return null;
}

Related Questions in PHP

Related Questions in SECURITY

Related Questions in ENCRYPTION

Related Questions in SESSION

Related Questions in SUHOSIN

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.