带有加密cookies的PHP会话类
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了带有加密cookies的PHP会话类相关的知识,希望对你有一定的参考价值。
I’ve made this class that can use normal session variables, or cookies. This class can use cookies in two ways: store a single variable in each cookie, or pack many variables, encrypt, and store them into cookies.Now I always use this class when I have to use session/cookies and when I know that I have not to put too many bytes in cookies (since cookie size is limited).
<?php ///////////////////////////////////////////////////// // this class was build // to handle session with cookie or not // if you choose "zipcook" value the cookies // are crypted and packed to hide data to malicious // users. // // $use_cookie parameter values: // no --------> use session // yes -------> use cookie, one cookie for each variable // zipcook ---> encrypted cookies // // by Giulio Pons, http://www.barattalo.it // ///////////////////////////////////////////////////// class Session { private $use_cookie; private $preStr; private $maxCookie; private $cookieLenght; private $stringone; private $duratacookie; private $secret; public function __construct ($cook = "zipcook") { $this->use_cookie = $cook; //choose mode $this->preStr= "_KK_"; //prefix for cookies $this->maxCookie=20; //since cookie lenght is limited, I've limited the number of cookies $this->cookieLenght=3096; //max cookie length (it depends on browser) $this->duratacookie=3600*24;//cookie life time $this->secred="secret"; //secret keyword to crypt/decrypt, change this to customize encryption if ($this->use_cookie=="yes") { } elseif ($this->use_cookie=="zipcook") { $this->stringone = $this->prelevaStringaTotale(); } else { } } /* ------------------------------------------- */ /* pack variables for parse_str */ /* ------------------------------------------- */ private function build_str($ar) { foreach ($ar as $k => $v) { $qs[] = $k.'='.$v; } } /* ------------------------------------------- */ /* get the list of variables from the crypted */ /* cookies */ /* ------------------------------------------- */ private function prelevaStringaTotale() { $out = ""; $out.=$_COOKIE[$cookiesSet[$x]]; } return $this->decrypta($out); } public function debug() { // for debug return $this->prelevaStringaTotale(); } /* ------------------------------------------- */ /* determine available cookies */ /* ------------------------------------------- */ private function calcolaCookieLiberi() { $c=0; $c+=1; } } /* ------------------------------------------- */ /* split the string in blocks to store cookies */ /* ------------------------------------------- */ private function my_str_split($s,$len) { $output[0] = $s; return $output; } $i = 0; $output[$i]=$s; $i++; } return $output; } /* ------------------------------------------- */ /* save vars in cookies or session */ /* ------------------------------------------- */ public function register($var,$value) { $this->set($var,$value); } public function set($var,$value) { if ($this->use_cookie=="yes") { } elseif ($this->use_cookie=="zipcook") { if ($this->stringone!="") { } else { } $vars[$var] = $value; //aggiungo-modifico valore $str = $this->crypta($this->build_str($vars)); $arr = $this->my_str_split($str,$this->cookieLenght); $cLiberi = $this->calcolaCookieLiberi(); // c'ho spazio, posso registrare $this->stringone = $this->build_str($vars); } } else { //cookie overflow return "errore cookie overflow"; } } else { } } /* ------------------------------------------- */ /* get variables back from cookies crypted or */ /* not, or directly from session */ /* ------------------------------------------- */ public function get($var) { if ($this->use_cookie=="yes") { global $_COOKIE; return $this->decrypta($_COOKIE[$var]); } elseif ($this->use_cookie=="zipcook") { if ($this->stringone!="") { } else { return ""; } return ""; } return $vars[$var]; } else { if ($this->is_registered($var)) { $this->$var=$GLOBALS[$var]; } else $this->$var = $GLOBALS[$var]; else $this->$var=""; return($this->$var); } } /* ------------------------------------------- */ /* empty session or cookis */ /* ------------------------------------------- */ public function finish() { if ($this->use_cookie=="yes") { //echo $cookiesSet[$x]."<br/>"; } } elseif ($this->use_cookie=="zipcook") { $this->stringone=""; } } else { } } /* crypt */ private function crypta($t){ if ($t=="") return $t; $c++; } } /* decrypt */ private function decrypta($t) { if ($t=="") return $t; $v = ""; $i++; } return $v; } /* used to crypt/decrypt */ private function ed($t) { $c++; } return $v; } } ?>
以上是关于带有加密cookies的PHP会话类的主要内容,如果未能解决你的问题,请参考以下文章
加密会话(SSL)Cookie 中缺少 Secure 属性 漏洞修复
用 Java 解决“加密会话 (ssl) cookie 中缺少安全属性”