
Cookie for handling session data


Subject:Cookie for handling session data
Summary:Using Cookie for managing session data with encryption.
Messages:1
Author:Ramesh Narayan Jangid
Date:2023-08-11 10:02:36
Update:2023-08-11 14:23:17
 

1. Cookie for handling session data
Ramesh Narayan Jangid - 2023-08-11 14:23:17
<?php
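/**
 * Session save handler that keeps the serialized session in a client-side cookie.
 *
 * The payload is sealed with AES-256-GCM, so the cookie is both confidential
 * and tamper-evident. Unauthenticated CBC is not enough here: the browser
 * controls the cookie, and whatever decrypts is fed to PHP's session decoder.
 *
 * Design notes:
 *  - The key is never embedded in source. It is passed to the constructor or
 *    read from the environment variable named by KEY_ENV_VAR (an example name;
 *    adjust to the deployment). Generate one with
 *    base64_encode(random_bytes(32)). A key that has been published anywhere
 *    must be treated as compromised and replaced.
 *  - A fresh random nonce is generated for every write. Reusing a fixed
 *    IV/nonce makes equal plaintexts produce equal ciphertexts and, with GCM,
 *    breaks the authentication guarantee.
 *  - The expiry time is stored inside the sealed payload, so a client cannot
 *    extend a session by editing the cookie's own expiry attribute.
 *  - Limitation of any client-side session: the server keeps no state, so a
 *    captured cookie stays valid until its embedded expiry, and destroy() can
 *    only ask the browser to delete it.
 */
class MySessionHandler implements SessionHandlerInterface
{
    private const CIPHER = 'aes-256-gcm';
    private const KEY_BYTES = 32;
    private const NONCE_BYTES = 12;
    private const TAG_BYTES = 16;

    // Example variable name for the base64-encoded key; adjust to the deployment.
    private const KEY_ENV_VAR = 'MY_SESSION_KEY_BASE64';

    // Browsers commonly cap a whole cookie at about 4096 bytes; leave room for
    // the name and attributes.
    private const MAX_COOKIE_VALUE_BYTES = 4000;

    /** Raw 32-byte AES key. */
    private string $key;

    /**
     * @param string|null $keyBase64 Base64-encoded 32-byte key. When null, the
     *                               key is read from the KEY_ENV_VAR environment variable.
     *
     * @throws RuntimeException When no valid key is available (fails closed
     *                          instead of running with a default key).
     */
    function __construct($keyBase64 = null)
    {
        if ($keyBase64 === null) {
            $fromEnv = getenv(self::KEY_ENV_VAR);
            $keyBase64 = ($fromEnv === false) ? '' : $fromEnv;
        }

        $key = base64_decode((string)$keyBase64, true);
        if ($key === false || strlen($key) !== self::KEY_BYTES) {
            throw new RuntimeException('MySessionHandler: a base64-encoded 32-byte key is required');
        }

        $this->key = $key;
    }

    /**
     * Seal a plaintext with AES-256-GCM.
     *
     * @param string $plaintext
     *
     * @return string|false Raw bytes laid out as nonce || tag || ciphertext,
     *                      or false if OpenSSL fails.
     */
    function encryptSess($plaintext)
    {
        // A new nonce per message: never reuse a nonce with the same key.
        $nonce = random_bytes(self::NONCE_BYTES);
        $tag = '';
        $sealed = openssl_encrypt(
            (string)$plaintext,
            self::CIPHER,
            $this->key,
            OPENSSL_RAW_DATA,
            $nonce,
            $tag,
            '',
            self::TAG_BYTES
        );

        if ($sealed === false) {
            return false;
        }

        return $nonce . $tag . $sealed;
    }

    /**
     * Open a value produced by encryptSess().
     *
     * @param string $ciphertext Raw bytes laid out as nonce || tag || ciphertext.
     *
     * @return string|false The plaintext, or false when the input is malformed
     *                      or fails authentication (wrong key, modified bytes).
     */
    function decryptSess($ciphertext)
    {
        $headerBytes = self::NONCE_BYTES + self::TAG_BYTES;
        if (!is_string($ciphertext) || strlen($ciphertext) < $headerBytes) {
            return false;
        }

        $nonce = substr($ciphertext, 0, self::NONCE_BYTES);
        $tag = substr($ciphertext, self::NONCE_BYTES, self::TAG_BYTES);
        $sealed = substr($ciphertext, $headerBytes);

        return openssl_decrypt($sealed, self::CIPHER, $this->key, OPENSSL_RAW_DATA, $nonce, $tag);
    }

    /**
     * Start output buffering so that write() can still send a Set-Cookie
     * header after the page body has been produced.
     */
    public function open($savePath, $sessionName): bool
    {
        ob_start();
        return true;
    }

    public function close(): bool
    {
        return true;
    }

    /**
     * Return the session data carried by the request cookie.
     *
     * Anything that is missing, malformed, fails authentication or has passed
     * its embedded expiry yields an empty session.
     */
    #[\ReturnTypeWillChange]
    public function read($id)
    {
        $name = session_name();

        // A cookie sent as name[]=... arrives as an array; reject non-strings.
        if (!isset($_COOKIE[$name]) || !is_string($_COOKIE[$name])) {
            return '';
        }

        $raw = base64_decode($_COOKIE[$name], true);
        if ($raw === false) {
            return '';
        }

        $plain = $this->decryptSess($raw);
        if ($plain === false) {
            return '';
        }

        // Payload layout written by write(): "<unix expiry>|<session data>".
        $parts = explode('|', $plain, 2);
        if (count($parts) !== 2 || preg_match('/\A[0-9]{1,19}\z/', $parts[0]) !== 1) {
            return '';
        }
        if ((int)$parts[0] < time()) {
            return '';
        }

        return $parts[1];
    }

    /**
     * Seal the session data and send it to the browser as a cookie.
     *
     * @return bool False when the cookie could not be produced or sent
     *              (encryption failure, value too large, headers already sent).
     */
    public function write($id, $data): bool
    {
        $buffered = ob_get_clean();

        $expires = time() + (int)ini_get('session.gc_maxlifetime');
        $sealed = $this->encryptSess($expires . '|' . $data);

        $sent = false;
        if ($sealed !== false) {
            $value = base64_encode($sealed);
            if (strlen($value) <= self::MAX_COOKIE_VALUE_BYTES) {
                $sent = setcookie(session_name(), $value, $this->cookieOptions($expires));
            }
        }

        // Release the page body only after the header has been queued.
        echo $buffered;

        return $sent;
    }

    /**
     * Ask the browser to drop the session cookie.
     *
     * This cannot invalidate a copy of the cookie held elsewhere; that copy
     * remains usable until its embedded expiry.
     */
    public function destroy($id): bool
    {
        $name = session_name();
        unset($_COOKIE[$name]);

        if (!headers_sent()) {
            setcookie($name, '', $this->cookieOptions(time() - 3600));
        }

        return true;
    }

    /**
     * Nothing to collect: the server stores no session data.
     */
    #[\ReturnTypeWillChange]
    public function gc($maxlifetime)
    {
        return true;
    }

    /**
     * Cookie attributes shared by write() and destroy().
     *
     * HttpOnly keeps the value away from page scripts, SameSite=Lax limits
     * cross-site sending, and Secure is set when the request arrived over
     * HTTPS or session.cookie_secure is enabled (use the ini setting behind a
     * TLS-terminating proxy, where $_SERVER['HTTPS'] may be unset).
     */
    private function cookieOptions($expires)
    {
        $overHttps = !empty($_SERVER['HTTPS']) && strtolower((string)$_SERVER['HTTPS']) !== 'off';

        return [
            'expires' => $expires,
            'path' => '/',
            'secure' => $overHttps || (bool)ini_get('session.cookie_secure'),
            'httponly' => true,
            'samesite' => 'Lax',
        ];
    }
}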

// Install the cookie-backed handler. Passing true as the second argument
// registers session_write_close() as a shutdown function, so write() runs
// when the script ends.
$cookieSessions = new MySessionHandler();
session_set_save_handler($cookieSessions, true);
session_start();

// Demo only: dump what the previous request stored, then store a value for
// the next request. Do not dump session contents on a real page.
var_dump($_SESSION);
$_SESSION['id'] = 10000;

print '<br/>Hello World';
?>