Comments (6)
@gollumben At one point I was working on just this issue, not sure if this is helpful but I do have a PR to a local branch which may have some code which would help you. https://github.com/hardyjohnson/PHP-Secure-Session/pull/2/files
from php-secure-session.
@gollumben ok, we need a unit test for this case. Can you provide one? Otherwise I can work on it. Let me know, thanks!
Regarding the question about security, the reason we store the key in the client (browser) using cookies is to separate it from the encrypted data that is stored on the server. To protect cookies you can use HTTPS and limit the scope to a specific domain; in this article you can find more info about cookie security.
Sorry for the late reply. Here is a minimal working example. It is important that you close your browser and open it again, since the cookies have to be deleted. You should see an error of the type:
```
Fatal error: Uncaught RuntimeException: Authentication failed in /var/www/html/securesession/vendor/ezimuel/php-secure-session/src/SecureHandler.php:125
Stack trace:
#0 /var/www/html/securesession/vendor/ezimuel/php-secure-session/src/SecureHandler.php(63): PHPSecureSession\SecureHandler->decrypt('\xAF\xDD\xCD\xDF\x01A8$\xE1\x1A\xB8y\n\xD0~...', '\x86\x8A\xB0\xBC{\xB9u\x08\x88\x8F\xFD\xA8}\xCB\xEF...')
#1 [internal function]: PHPSecureSession\SecureHandler->read('hpjckkp8cjfdoh6...')
#2 /var/www/html/securesession/vendor/ezimuel/php-secure-session/test/demo/index.php(26): session_start()
#3 {main}
  thrown in /var/www/html/securesession/vendor/ezimuel/php-secure-session/src/SecureHandler.php on line 125
```
If you reload, the error should be gone.
```php
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
ini_set('session.save_handler', 'files');

$autoload = __DIR__ . '/../../../../../vendor/autoload.php';
if (! file_exists($autoload)) {
    echo "You need to execute <strong>composer install</strong>!";
    exit;
}
require_once $autoload;

// change the default session folder in a temporary dir
session_save_path(sys_get_temp_dir());

session_start();
session_write_close();
// this is where things fail, as the key is not registered in the cookies,
// so it is generated randomly again and does not match the previous key
session_start();
session_write_close();
echo "End of file";
?>
```
For me, this error is not apparent, if applying the changes I suggested.
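The failure mode reproduced above, as an added example that is not part of the original thread or the project's code: on a first visit the key cookie is only queued for the response, so a second key lookup in the same request generates a different key and authentication of the stored data fails. The per-request cache is an assumed mitigation, not necessarily what the project's fix does; `keyStore`, `seal`, `unseal` and the cookie name `KEY_demo` are hypothetical, and an HMAC tag stands in for the authentication check in the library's `decrypt()`.

```php
<?php
// Constructed simulation: $sent stands in for $_COOKIE, i.e. what the browser
// actually sent with this request. All names are hypothetical.
function keyStore(array $sent, bool $useMemo): callable
{
    $memo = [];
    return function (string $name) use ($sent, $useMemo, &$memo): string {
        if (isset($sent[$name])) {
            return base64_decode($sent[$name]);   // normal case: browser sent the key
        }
        if ($useMemo && isset($memo[$name])) {
            return $memo[$name];                  // key generated earlier in this request
        }
        // Real code would call setcookie() here; that header only shows up in
        // $_COOKIE on the next request, never in the current one.
        return $memo[$name] = random_bytes(32);
    };
}

function seal(string $data, string $key): string
{
    return hash_hmac('sha256', $data, $key, true) . $data;
}

function unseal(string $blob, string $key): string
{
    $data = substr($blob, 32);
    if (! hash_equals(hash_hmac('sha256', $data, $key, true), substr($blob, 0, 32))) {
        throw new RuntimeException('Authentication failed');
    }
    return $data;
}

foreach ([false, true] as $useMemo) {
    $getKey = keyStore([], $useMemo);               // first visit: no key cookie yet
    $blob   = seal('uid|i:42;', $getKey('KEY_demo')); // first session_write_close()
    try {
        unseal($blob, $getKey('KEY_demo'));          // second session_start(), same request
        $result = 'second read OK';
    } catch (RuntimeException $e) {
        $result = $e->getMessage();
    }
    echo ($useMemo ? 'with' : 'without') . " per-request cache: $result\n";
}
```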
@gollumben We need to transform this into a unit test, I will work on it.
@gollumben I solved the issue providing a unit test with commit 6ddb28c /cc @hardyjohnson
Cheers!