PHP Classes

File: readme_SafeCookie.php

Recommend this page to a friend!
  Classes of Ray Paseur   PHP Secure Cookie   readme_SafeCookie.php   Download  
File: readme_SafeCookie.php
Role: Documentation
Content type: text/plain
Description: Readme text file
Class: PHP Secure Cookie
Store cookies allowing to detect unwanted changes
Author: By
Last change:
Date: 5 years ago
Size: 1,606 bytes
 

Contents

Class file image Download
class SafeCookie This Class demonstrates an anti-tamper cookie. Modern browsers make it somewhat difficult for the casual user to damage a cookie, but since cookies are part of the HTTP request (and nothing in an HTTP request can be trusted) it is useful to have a strategy to add a measure of trust to cookies. This class uses a salted md5() string to make a "mirror" of the cookie value. Any change in the value of the cookie will be detected. In this case the damaged cookie will be removed and the SafeCookie::get() method will return False. If the cookie is shown to be intact, the cookie value (minus the salted digest) will be returned. The cookie looks like this: cookieValue|salted_md5_digest To the left of the pipe is the value of the cookie. To the right of the pipe is the md5() of the SALTed value. As long as the SALT string is unknown to the attacker, there is almost no chance that a tampered cookie will be consumed. To see the Class in action, install the class script along with the "demo" and "aux" scripts in the same directory of your web server. Then run the demo script and try clicking the links to refresh the browser. On the first execution of the "demo" script the cookie is not yet present, but it will be set. On the second and subsequent execution of the "demo" script you will see the cookie being returned over and over again. To see what happens if the cookie is damaged, click the appropriately labeled link, then go back and refresh the browser window with the "demo" script. You will see that the damaged cookie is not returned by SafeCookie::get()