PHP Class lithium\storage\session\strategy\Hmac

Example configuration:

    Session::config(array('default' => array(
        'adapter' => 'Cookie',
        'strategies' => array('Hmac' => array('secret' => 'foobar'))
    )));

This will configure the HMAC strategy to be used for all Session operations with the default named configuration. A hash-based message authentication code (HMAC) will be calculated for all data stored in your cookies, and will be compared to the signature stored in your cookie data. If the two do not match, then your data has been tampered with (or you have modified the data directly _without_ passing through the Session class, which amounts to the same), and a catchable RuntimeException is thrown.

Please note that this strategy is very finicky, and is so by design. If you attempt to access or modify the stored data in any way other than through the Session class configured with the Hmac strategy and the properly configured secret, then it will probably blow up.
Inheritance: extends lithium\core\Object
Open project: unionofrad/lithium

Protected Properties

Property Type Description
$_secret The HMAC secret.

Public Methods

Method Description
__construct ( array $config = [] ) : void Constructor.
delete ( mixed $data, array $options = [] ) : array Delete strategy method.
read ( array $data, array $options = [] ) : array Read strategy method.
write ( mixed $data, array $options = [] ) : array Write strategy method.

Protected Methods

Method Description
_signature ( mixed $data, null | string $secret = null ) : string Calculate the HMAC signature based on the data and a secret key.

Method Details

__construct() public method

Constructor.
public __construct ( array $config = [] ) : void
$config array Configuration array. Will throw an exception if the 'secret' configuration key is not set.
return void

_signature() protected static method

Calculate the HMAC signature based on the data and a secret key.
protected static _signature ( mixed $data, null | string $secret = null ) : string
$data mixed
$secret null | string Secret key for HMAC signature creation.
return string HMAC signature.

delete() public method

Delete strategy method.
See also: lithium\storage\Session
See also: lithium\core\Adaptable::config()
public delete ( mixed $data, array $options = [] ) : array
$data mixed The data to be signed.
$options array Options for this method.
return array Data & signature.

read() public method

Validates the HMAC signature of the stored data. If the signatures match, then the data is safe and will be passed through as-is. If the stored data being read does not contain a __signature field, a MissingSignatureException is thrown. When catching this exception, you may choose to handle it by either writing out a signature (e.g. in cases where you know that no pre-existing signature may exist), or you can blackhole it as a possible tampering attempt.
public read ( array $data, array $options = [] ) : array
$data array The data being read.
$options array Options for this method.
return array Validated data.

write() public method

Adds an HMAC signature to the data. Note that this will transform the passed $data to an array, and add a __signature key with the HMAC-calculated value.
See also: lithium\storage\Session
See also: lithium\core\Adaptable::config()
public write ( mixed $data, array $options = [] ) : array
$data mixed The data to be signed.
$options array Options for this method.
return array Data & signature.
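
The sign-on-write and verify-on-read flow described for write() and read(), as an added standalone example. It is not Lithium's own code: the function names, the MissingSignature class, the use of SHA-256 and the JSON encoding of the payload are assumptions made for illustration.

```php
<?php
// Added illustration, not Lithium's implementation. Function names, the
// MissingSignature class, SHA-256 and JSON encoding are all assumptions.
class MissingSignature extends RuntimeException {}

function signature(array $data, string $secret): string {
    unset($data['__signature']);  // the signature never covers itself
    ksort($data);                 // stable top-level key order before encoding
    return hash_hmac('sha256', json_encode($data, JSON_THROW_ON_ERROR), $secret);
}

// Counterpart of write(): returns the data with a __signature key added.
function sign_on_write(array $data, string $secret): array {
    $data['__signature'] = signature($data, $secret);
    return $data;
}

// Counterpart of read(): returns the data unchanged if the signature matches.
function verify_on_read(array $data, string $secret): array {
    if (!isset($data['__signature']) || !is_string($data['__signature'])) {
        throw new MissingSignature('Stored data has no __signature field.');
    }
    // hash_equals() compares in constant time, so the check does not leak
    // how many leading characters of a forged signature were correct.
    if (!hash_equals(signature($data, $secret), $data['__signature'])) {
        throw new RuntimeException('HMAC signature does not match the data.');
    }
    return $data;
}

// Constructed sample data. 'foobar' is the page's example value; a deployed
// secret should be long, random and kept out of source control.
$secret = 'foobar';
$cookie = sign_on_write(['user' => 'alice', 'role' => 'member'], $secret);

$cases = [
    'intact'   => $cookie,
    'tampered' => ['role' => 'admin'] + $cookie,  // value changed, old signature kept
    'unsigned' => ['user' => 'alice'],            // written without the strategy
];
foreach ($cases as $label => $stored) {
    try {
        verify_on_read($stored, $secret);
        echo "$label: accepted\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected (", get_class($e), ': ', $e->getMessage(), ")\n";
    }
}
```

Because MissingSignature extends RuntimeException here, a handler that needs to treat unsigned data differently from tampered data has to catch the subclass first.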

Property Details

$_secret protected static property

The HMAC secret.
protected static $_secret