Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Encrypting cookies in PHP

How can i encrypt and later decrypt a value of a cookie in PHP (how secure will the encryption be )

like image 790
Ross Avatar asked Apr 15 '10 19:04

Ross


People also ask

How do I encrypt cookies in PHP?

As far as ways to encrypt cookie contents, the Suhosin PHP extension provides the ability to transparently encrypt all cookies. If you have the ability to install PHp extensions this may or may not be easier for you than writing your own encryption scheme.

Can you encrypt cookies?

Encrypting the value of the cookie is a good way to mitigate this risk. If the value has encryption the client can't know what it means. This prevents attackers from sniffing cookie values and crafting attacks on the server. The encryption you use can be a one-way lookup of the cookie value.

What is Setcookie () function?

The setcookie() function defines a cookie to be sent along with the rest of the HTTP headers. A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user's computer. Each time the same computer requests a page with a browser, it will send the cookie too.

How do you create a cookie in PHP?

A cookie is created with the setcookie() function.


1 Answers

There a variety of different ways to encrypt information in cookies and elsewhere. The strength of the encryption will vary by the method you choose to do the actual encryption. mycrypt is a good place to start. See this answer for an example of using mcrypt.

I don't recommend putting anything sensitive in a cookie, even if it is going to be encrypted. Way too tempting for someone to crack. Try sticking to sessions if you can.

like image 162
John Conde Avatar answered Oct 13 '22 03:10

John Conde