PHP Class lithium\storage\session\strategy\Hmac
Example configuration:
Session::config(array('default' => array(
'adapter' => 'Cookie',
'strategies' => array('Hmac' => array('secret' => 'foobar'))
)));
This will configure the
HMAC strategy to be used for all
Session operations with the
default named configuration. A hash-based message authentication code (HMAC) will be
calculated for all data stored in your cookies, and will be compared to the signature
stored in your cookie data. If the two do not match, then your data has been tampered with
(or you have modified the data directly _without_ passing through the
Session class, which
amounts to the same), then a catchable
RuntimeException is thrown.
Please note that this strategy is very finnicky, and is so by design. If you attempt to access
or modify the stored data in any way other than through the
Session class configured with the
Hmac strategy with the properly configured
secret, then it will probably blow up.
Datei anzeigen
Open project: unionofrad/lithium
Protected Properties
Property |
Type |
Description |
|
$_secret |
|
The HMAC secret. |
|
Public Methods
Protected Methods
Method Details
__construct()
public method
public __construct ( array $config = [] ) : void |
$config |
array |
Configuration array. Will throw an exception if the 'secret'
configuration key is not set. |
return |
void |
|
_signature()
protected static method
Calculate the HMAC signature based on the data and a secret key.
Validates the HMAC signature of the stored data. If the signatures match, then the data
is safe and will be passed through as-is.
If the stored data being read does not contain a __signature field, a
MissingSignatureException is thrown. When catching this exception, you may choose
to handle it by either writing out a signature (e.g. in cases where you know that no
pre-existing signature may exist), or you can blackhole it as a possible tampering
attempt.
Adds an HMAC signature to the data. Note that this will transform the
passed $data to an array, and add a __signature key with the HMAC-calculated
value.
Property Details
$_secret protected_oe static_oe property
protected static $_secret |