Filippo oretti

Reputation: 49817

CodeIgniter cookies encryption

Why are my cookies not encrypted? I see them as plain text and I can edit them easily, because it's plain text :O

I'm using:

    $config['sess_cookie_name']     = 'sess_id';
    $config['sess_expiration']      = 0; //24hours -> 8640
    $config['sess_expire_on_close'] = TRUE;
    $config['sess_encrypt_cookie']  = TRUE;
    $config['sess_use_database']    = TRUE;
    $config['sess_table_name']      = 'session';
    $config['sess_match_ip']        = FALSE;
    $config['sess_match_useragent'] = TRUE;
    $config['sess_time_to_update']  = 3000000000;
    $config['encryption_key'] = 'dfs78fh834fh83h4fhhsdifsihdfh99inf83kjwnefkjwenfknwkejnfowejnf82';

And to set the cookie I use a hook that looks like this:

    function setUserCountry($country){

        $CI =& get_instance();
        $CI->input->set_cookie(
          array(
            'name'=>'user_country',
            'value'=>str_replace(array('"',"'",">","<"),"",$country),
            'expire'=>'8650000000',
            'secure'=>TRUE
            ));
        }

The hook is called pre_controller:

    $hook['pre_controller'] = //run my cookie hook setUserCountry() method

And this is how the cookie looks once it is created:

[screenshot of the cookie]

Upvotes: 1

Views: 6152

Answers (2)

qwertzman

Reputation: 782

So you are feeding an array to the set_cookie() $name parameter, with secure = true.

    if ($secure == FALSE AND config_item('cookie_secure') != FALSE)
    {
        $secure = config_item('cookie_secure');
    }

This code inside system/core/Input.php will cause problems. So unless you either turn off global cookie encryption or leave out $secure in your array, it should work.

EDIT
Cookies not being set, CodeIgniter correctly points out the problem

You need to load the cookie helper though. Also, use the post_controller_constructor hook instead. http://ellislab.com/codeigniter/user-guide/general/hooks.html

Also, isn't it better to just use this way? http://philsturgeon.co.uk/blog/2010/02/CodeIgniter-base-Classes-Keeping-it-DRY and add your cookies to the extended core controller.

Upvotes: 1

Ganesh Kanawade

Reputation: 381

To encrypt the cookie in CodeIgniter, make changes in the config.php file at

    $config['sess_encrypt_cookie']  = FALSE;

Change this line to

    $config['sess_encrypt_cookie']  = TRUE;

Also set the encryption key at

    $config['encryption_key'] = "";

Upvotes: 4
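
Added example (not part of either answer, and not CodeIgniter code): `sess_encrypt_cookie` covers only the session cookie written by the Session library, while `set_cookie()` sends the value as given, so a cookie like `user_country` has to be protected by the application. The code below seals the value with AES-256-GCM through PHP's OpenSSL extension (PHP 7.1+ assumed); `cookie_key()`, `seal_cookie()` and `open_cookie()` are hypothetical helper names and the secret is a constructed placeholder.

```php
<?php
// Added example, not CodeIgniter code: helper names are hypothetical.

function cookie_key($secret)
{
    // Derive a fixed 32-byte AES key from the configured secret string.
    return hash('sha256', $secret, true);
}

function seal_cookie($name, $value, $secret)
{
    $iv  = random_bytes(12); // fresh 96-bit nonce for every cookie
    $tag = '';
    // The cookie name is bound as associated data, so a sealed value
    // copied into a different cookie fails authentication.
    $ct = openssl_encrypt($value, 'aes-256-gcm', cookie_key($secret),
                          OPENSSL_RAW_DATA, $iv, $tag, $name);
    return base64_encode($iv . $tag . $ct);
}

function open_cookie($name, $sealed, $secret)
{
    $raw = base64_decode((string) $sealed, true);
    if ($raw === false || strlen($raw) < 28) { // 12-byte nonce + 16-byte tag
        return null;
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = (string) substr($raw, 28);
    $pt  = openssl_decrypt($ct, 'aes-256-gcm', cookie_key($secret),
                           OPENSSL_RAW_DATA, $iv, $tag, $name);
    return $pt === false ? null : $pt; // null: edited, truncated or moved
}

// Constructed demo values. In the hook, the secret would come from
// config_item('encryption_key') and $sealed would be the 'value' passed
// to set_cookie(); $CI->input->cookie('user_country') feeds open_cookie().
$secret = 'constructed-demo-secret';
$sealed = seal_cookie('user_country', 'IT', $secret);

var_dump(open_cookie('user_country', $sealed, $secret)); // untouched value

$edited = $sealed;
$edited[20] = ($edited[20] === 'A') ? 'B' : 'A'; // user edits one character
var_dump(open_cookie('user_country', $edited, $secret)); // tampered value
var_dump(open_cookie('other_cookie', $sealed, $secret)); // wrong cookie name
```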
