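. */

namespace SP\Core\Crypt;

use Defuse\Crypto\Exception\CryptoException;
use Defuse\Crypto\Key;

/**
 * Class CryptSessionHandler
 *
 * Session save handler that encrypts the serialized session payload with the
 * injected key before it is passed to the parent handler, and decrypts it
 * when it is read back.
 *
 * Both directions fail closed: a stored payload that cannot be decrypted is
 * discarded instead of being handed to PHP's session decoder, and a payload
 * that cannot be encrypted is not persisted in clear text.
 *
 * @package SP\Core\Crypt
 */
final class CryptSessionHandler extends \SessionHandler
{
    /**
     * @var bool Whether the last read/write handled an encrypted payload
     */
    public static $isSecured = false;
    /**
     * @var Key Key passed to Crypt::encrypt() / Crypt::decrypt()
     */
    private $key;

    /**
     * Session constructor.
     *
     * @param Key $Key Key used to encrypt and decrypt the session payload
     */
    public function __construct(Key $Key)
    {
        $this->key = $Key;
    }

    /**
     * Read session data
     *
     * @link http://php.net/manual/en/sessionhandler.read.php
     *
     * @param string $id The session id to read data for.
     *
     * @return string The decrypted, still serialized, session data. An empty
     *                string is returned when nothing was stored or when the
     *                stored payload could not be decrypted. This value is
     *                returned internally to PHP for processing.
     * @since 5.4.0
     */
    public function read($id)
    {
        $data = parent::read($id);

        if (!$data) {
            return '';
        }

        try {
            $plain = Crypt::decrypt($data, $this->key);

            // Only flag the session as secured once decryption has succeeded.
            self::$isSecured = true;

            return $plain;
        } catch (CryptoException $e) {
            self::$isSecured = false;

            logger($e->getMessage());
            logger('Session data could not be decrypted. Discarding it.');

            // Fail closed: whatever is in the store did not decrypt under our
            // key (clear text, modified, or written with another key), so it
            // must not reach PHP's session decoder. An empty string makes PHP
            // start from an empty session.
            return '';
        }
    }

    /**
     * Write session data
     *
     * @link http://php.net/manual/en/sessionhandler.write.php
     *
     * @param string $id   The session id.
     * @param string $data The encoded session data. This data is the result
     *                     of PHP internally encoding the $_SESSION superglobal
     *                     to a serialized string and passing it as this
     *                     parameter. Please note sessions use an alternative
     *                     serialization method.
     *
     * @return bool TRUE when the encrypted payload was stored, FALSE when the
     *              parent handler failed or the payload could not be
     *              encrypted. This value is returned internally to PHP for
     *              processing.
     * @since 5.4.0
     */
    public function write($id, $data)
    {
        try {
            $encrypted = Crypt::encrypt($data, $this->key);
        } catch (CryptoException $e) {
            self::$isSecured = false;

            logger('Could not encrypt session data.');
            logger($e->getMessage());

            // Fail closed: never persist the session payload in clear text.
            // Reporting a failed write is preferable to leaving readable
            // session contents in the session store.
            return false;
        }

        self::$isSecured = true;

        return parent::write($id, $encrypted);
    }
}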