Issue with a custom session handler class in PHP 7.3

Time: 2019-09-06 14:21:53

Tags: php

I am creating a custom session handler class using the OpenSSL encryption method.

My problem is that when I call openssl_encrypt() directly, it works fine and the data is encrypted, but when it is called from the write() function, which is called automatically when a value is assigned to $_SESSION, the data is not encrypted.

I am using PHP 7.3.

My custom class code:

$_SESSION['msg'] = 'This data should be encrypted';

The code below works fine, but it is not encrypted:

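<?php

define("SESSION_SAVE_PATH", __DIR__ . DIRECTORY_SEPARATOR . "tmp_sessions");

class AppSessionHandler extends SessionHandler
{
    private $sessionName        = "MYSESS";
    private $sessionMaxLifeTime = 0;
    private $sessionSSL         = false;
    private $sessionHTTPOnly    = true;
    private $sessionPath        = "/";
    private $sessionDomain      = 'localhost'; // or leave empty if it does not work
    private $sessionSavePath    = SESSION_SAVE_PATH;

    private $sessionCipherMode  = 'aes-256-gcm';
    private $sessionCipherKey   = 'WYCRYPT0K3Y@20-20';
    private $tagLength          = 16; // GCM authentication tag length in bytes

    public function __construct()
    {
        ini_set('session.use_cookies', 1);
        ini_set('session.use_only_cookies', 1);
        ini_set('session.use_trans_sid', 0);
        ini_set('session.save_handler', 'files');

        session_name($this->sessionName);
        session_save_path($this->sessionSavePath);

        session_set_cookie_params(
            $this->sessionMaxLifeTime,
            $this->sessionPath,
            $this->sessionDomain,
            $this->sessionSSL,
            $this->sessionHTTPOnly
        );
    }

    public function read($id)
    {
        $stored = parent::read($id);
        // A new session has no stored data; read() must still return a string.
        if ($stored === '' || $stored === false) {
            return '';
        }
        $plainText = $this->decrypt($stored);
        return $plainText === false ? '' : $plainText;
    }

    public function write($sid, $data)
    {
        return parent::write($sid, $this->encrypt($data));
    }

    // Same 32-byte key on every request, derived from the configured string,
    // so that read() can decrypt what write() stored.
    private function key()
    {
        return hash('sha256', $this->sessionCipherKey, true);
    }

    public function encrypt($plainText)
    {
        if (!in_array($this->sessionCipherMode, openssl_get_cipher_methods())) {
            throw new RuntimeException('Unsupported cipher: ' . $this->sessionCipherMode);
        }
        $iv  = random_bytes(openssl_cipher_iv_length($this->sessionCipherMode));
        $tag = '';
        $cipherData = openssl_encrypt($plainText, $this->sessionCipherMode, $this->key(),
            OPENSSL_RAW_DATA, $iv, $tag, '', $this->tagLength);
        // Store IV and tag next to the ciphertext; both are needed to decrypt.
        return base64_encode($iv . $tag . $cipherData);
    }

    public function decrypt($stored)
    {
        $raw   = base64_decode($stored, true);
        $ivlen = openssl_cipher_iv_length($this->sessionCipherMode);
        if ($raw === false || strlen($raw) < $ivlen + $this->tagLength) {
            return false;
        }
        $iv         = substr($raw, 0, $ivlen);
        $tag        = substr($raw, $ivlen, $this->tagLength);
        $cipherData = substr($raw, $ivlen + $this->tagLength);
        return openssl_decrypt($cipherData, $this->sessionCipherMode, $this->key(),
            OPENSSL_RAW_DATA, $iv, $tag);
    }

    public function start()
    {
        // start the session if none has been started yet
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
    }
}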

1 answer:

Answer 0: (score: 0)

You have not registered your custom session handler with the session system. Use session_set_save_handler() to register your session handler:


You must remove the session_set_save_handler(new AppSessionHandler()); line, because that is not what you want.
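
The registration step described in the answer, as an added example that is not part of the original post: a compact handler is registered with session_set_save_handler(), then the script checks that the record on disk contains no plaintext and that the value still round-trips. The class name DemoEncryptedSessionHandler, the demo directory and the per-run random key are assumptions made for illustration; run it from the PHP CLI.

```php
<?php
// Added example; class name, directory and key are constructed for this demo.
class DemoEncryptedSessionHandler extends SessionHandler
{
    private $key; // 32 raw bytes for aes-256-gcm

    public function __construct(string $key) { $this->key = $key; }

    #[\ReturnTypeWillChange]
    public function read($id)
    {
        $raw = base64_decode((string) parent::read($id), true);
        if ($raw === false || strlen($raw) < 28) {
            return ''; // new session or unreadable record
        }
        // Record layout from write(): 12-byte IV | 16-byte tag | ciphertext
        $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $this->key,
            OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
        return $plain === false ? '' : $plain; // failed tag check => empty session
    }

    #[\ReturnTypeWillChange]
    public function write($id, $data)
    {
        $iv = random_bytes(12); // fresh IV for every write
        $ct = openssl_encrypt($data, 'aes-256-gcm', $this->key, OPENSSL_RAW_DATA, $iv, $tag);
        return parent::write($id, base64_encode($iv . $tag . $ct));
    }
}

$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_sessions';
is_dir($dir) || mkdir($dir, 0700);
ini_set('session.use_cookies', '0');   // CLI demo: no cookie or cache headers
ini_set('session.cache_limiter', '');
session_save_path($dir);

// The step the answer points to: without it PHP never calls read()/write() above.
session_set_save_handler(new DemoEncryptedSessionHandler(random_bytes(32)), true);

session_start();
$_SESSION['msg'] = 'This data should be encrypted';
$id = session_id();
session_write_close();                 // invokes write()
$onDisk = file_get_contents($dir . DIRECTORY_SEPARATOR . 'sess_' . $id);

session_start();                       // same id, same handler: read() decrypts
$roundTrip = $_SESSION['msg'] === 'This data should be encrypted';
session_destroy();

var_dump(strpos($onDisk, 'This data') === false, $roundTrip);
```

A random key per run only suits this demo; a real deployment loads a persistent 32-byte key from configuration so that sessions can be decrypted on later requests.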