Get support for yiisoft/cookies

If you need help reviewing implementation, debugging, understanding undocumented features or anything in general with yiisoft/cookies, you can see the list of people available to help below. Save yourself timme by talking directly to the owner, maintainers and contributors of yiisoft/cookies. Who is better qualified to help you? You also get the added benefit of providing additional revenue to the projects you use, helping them remain sustainable.

Save yourself timme by talking directly to the owner, maintainers and contributors of yiisoft/cookies. Who is better qualified to help you? You also get the added benefit of providing additional revenue to the projects you use, helping them remain sustainable.

If you're new to LTH, please see our FAQ for more information on what it is we do.

Support Options

Unfortunately, there are currently no active helpers for this repository on the platform. Until they become available, we reccomend the following actions:

View Open Issues

Take a look to see if anyone else has experienced the same issue as you and if they managed to solve it.

Open an Issue

Make sure to read any relevant guidelines for opening issues on this repo before posting a new issue.

Sponsor directly

Check out the page and see if there are any options to sponsor this project or it's developers directly.

yiisoft/cookies

View on github

The package helps in working with HTTP cookies in a PSR-7 environment:

provides a handy abstraction representing a cookie
allows dealing with many cookies at once
forms and adds Set-Cookie headers to response
signs a cookie to prevent its value from being tampered with
encrypts a cookie to prevent its value from being tampered with
provides PSR-15 middleware for encrypting and signing cookie values

Requirements

PHP 7.4 or higher.

Installation

The package could be installed with Composer:

composer require yiisoft/cookies

General usage

Adding a cookie to response:

$cookie = (new \Yiisoft\Cookies\Cookie('cookieName', 'value'))
    ->withPath('/')
    ->withDomain('yiiframework.com')
    ->withHttpOnly(true)
    ->withSecure(true)
    ->withSameSite(\Yiisoft\Cookies\Cookie::SAME_SITE_STRICT)
    ->withMaxAge(new \DateInterval('P7D'));

$response = $cookie->addToResponse($response);

Modifying response cookies to be sent:

$cookies = \Yiisoft\Cookies\CookieCollection::fromResponse($response);
$cookies->expire('login');
$response = $cookies->setToResponse($response);

Getting request cookies:

$cookies = \Yiisoft\Cookies\CookieCollection::fromArray($request->getCookieParams());

Signing a cookie to prevent its value from being tampered with:

$cookie = new \Yiisoft\Cookies\Cookie('identity', 'identityValue');

// The secret key used to sign and validate cookies.
$key = '0my1xVkjCJnD_q1yr6lUxcAdpDlTMwiU';
$signer = new \Yiisoft\Cookies\CookieSigner($key);

// Prefixes unique hash based on the value of the cookie and a secret key.
$signedCookie = $signer->sign($cookie);

// Validates and get backs the cookie with clean value.
$cookie = $signer->validate($signedCookie);

// Before validation, check if the cookie is signed.
if ($signer->isSigned($cookie)) {
    $cookie = $signer->validate($cookie);
}

Encrypting a cookie to prevent its value from being tampered with:

$cookie = new \Yiisoft\Cookies\Cookie('identity', 'identityValue');

// The secret key used to sign and validate cookies.
$key = '0my1xVkjCJnD_q1yr6lUxcAdpDlTMwiU';
$encryptor = new \Yiisoft\Cookies\CookieEncryptor($key);

// Encrypts cookie value based on the secret key.
$encryptedCookie = $encryptor->encrypt($cookie);

// Validates, decrypts and get backs the cookie with clean value.
$cookie = $encryptor->decrypt($encryptedCookie);

// Before decryption, check if the cookie is encrypted.
if ($encryptor->isEncrypted($cookie)) {
    $cookie = $encryptor->decrypt($cookie);
}

Using a PSR-15 middleware to encrypt and sign cookie values.

/**
 * @var \Psr\Http\Message\ServerRequestInterface $request
 * @var \Psr\Http\Server\RequestHandlerInterface $handler
 * @var \Psr\Log\LoggerInterface $logger
 */

// The secret key used to sign and validate cookies.
$key = '0my1xVkjCJnD_q1yr6lUxcAdpDlTMwiU';
$signer = new \Yiisoft\Cookies\CookieSigner($key);
$encryptor = new \Yiisoft\Cookies\CookieEncryptor($key);

$cookiesSettings = [
    'identity' => \Yiisoft\Cookies\CookieMiddleware::ENCRYPT,
    'name_[1-9]' => \Yiisoft\Cookies\CookieMiddleware::SIGN,
    'prefix*' => \Yiisoft\Cookies\CookieMiddleware::SIGN,
];

$middleware = new \Yiisoft\Cookies\CookieMiddleware(
    $logger
    $encryptor,
    $signer,
    $cookiesSettings,
);

// The cookie parameter values from the request are decrypted/validated.
// The cookie values are encrypted/signed, and appended to the response.
$response = $middleware->process($request, $handler);

Create cookie with raw value that will not be encoded:

$cookie = (new \Yiisoft\Cookies\Cookie('cookieName'))
    ->withRawValue('ebaKUq90PhiHck_MR7st-E1SxhbYWiTsLo82mCTbNuAh7rgflx5LVsYfJJseyQCrODuVcJkTSYhm1WKte-l5lQ==')