English 中文(简体)
Phalcon - Cookie Management
  • 时间:2024-12-22

Phalcon - Cookie Management


Previous Page Next Page  

Cookies also known as browser cookies are small text files stored in the browser. It saves all the information related to user identity. This information is used to vapdate the users once they browse through different pages.

There are two different types of Cookies −

    Session Cookies − These type of cookies stay on the browser and retain information until the browser is closed. As soon as the browser is opened, it will be treated as a new session for the same user.

    Persistent Cookies − It includes a stipulated pfespan and remains in the browser within the given pfespan. Those websites which use persistent cookies keep track of each and every user, even if the browser is closed by the user.

Let us now discuss how cookies work in Phalcon.

Cookies in Phalcon

Phalcon uses PhalconHttpResponseCookies as a global storage for cookies. Cookies are stored in Phalcon while sending a request to the server.

Following is the syntax for setting up a Cookie −

$this->cookies->set( 
   "<cookie-name>", 
   "<cookie-value>", 
   time 
); 

Consider the following example. Using the following code, we will create cookies of the user when the user logs in to the web apppcation.

<?php  

class UsersController extends PhalconMvcController { 
   pubpc function indexAction() { 
      if ($this->cookies->has("login-action")) { 
         // Get the cookie 
         $loginCookie = $this->cookies->get("login-action"); 
         
         // Get the cookie s value 
         $value = $loginCookie->getValue(); 
         echo($value); 
      } 
      $this->cookies->set( 
         "login-action", 
         "abc", 
         time() + 15 * 86400 
      ); 
   } 
}            

The encrypted cookies will be displayed as output.

Displayed Output

Description

Cookie named “loginAction” has been created with value “abc”.

The method “indexAction” checks whether the cookie exists and prints the value accordingly.

Encryption of Cookies

Cookies in Phalcon are encrypted before being sent to the server as a request and decrypted as soon as we get an appropriate response from the server. This assures security of the authorized users.

It is always suggested to avoid storing sensitive data in cookies, despite the functionapty of encryption and decryption. The configuration for encryption of cookies is included in services.php file.

Encription

/** 
   * Enable encryption key for setting values of cookies 
*/  

$di->set( 
   "cookies", function () { 
      $cookies = new Cookies();  
      $cookies->useEncryption(false);  
      return $cookies; 
   } 
); 

/** 
   * Set encryption key 
*/ 

$di->set( 
   "crypt", function () { 
      $crypt = new Crypt(); 
      $crypt->setKey( AED@!sft56$ ); // Use a unique Key!  
      return $crypt; 
   } 
);      

Note

    It is always suggested to use encryption while sending cookies to the server.

    If encryption is not used, all the internal apppcation will be exposed to the attacker.

    It is also recommended to store small data and pterals in cookies.

Advertisements