News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Kevin Schroeder's Blog:
Encrypted session handler
November 17, 2010 @ 09:54:36

In a new post to his blog Kevin Schroeder shares an encrypted session handler he's created to keep sensitive information away from prying eyes (since session data is usually plain text). The result ended up in a component easily used in a Zend Framework application.

A little while ago I had come upon the problem of having to store sensitive data in a user session. The solution that I (and several others came upon) was creating a mechanism for storing encrypted data in a session. But what we wanted to do was build something that didn't have a single point of failure. We also wanted to build something portable. What we built was a simple Zend Framework session handler for storing sensitive data.

The class - App_Session_Secure_Namespace - extends the standard Zend namespace and uses the mcrypt functionality to encrypt (and decrypt the session data). The setup uses a cookie for the initialization vector (domain based, naturally) making it very difficult for someone to access the encrypted session information outside of the application.

0 comments voice your opinion now!
zendframework encrypted session handler tutorial


blog comments powered by Disqus

Similar Posts

Builder.com.au: Text-size switching with PHP and CSS

ProWebDeveloper.info: Reducing Database Load with Secure Client-side Sessions

Zend Developer Zone: The ZendCon Sessions Episode 4: IBM DB2 with PHP 5.2 and AJAX

Bnnx.com: Installing the Zend Optimizer

PHPro.org: Automated Testing With Selenium2 And PHPUnit


Community Events





Don't see your event here?
Let us know!


series symfony podcast community version library composer language release laravel introduction conference interview artisanfiles tool opinion framework security list voicesoftheelephpant

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework