This class is a transparent base class for Cookie and should not be accessed directly.
Cookie helper.
Class declared in SYSPATH/classes/Kohana/Cookie.php on line 11.
string
$domainRestrict the domain that the cookie is available to
NULL
integer
$expirationNumber of seconds before the cookie expires
integer 0
boolean
$httponlyOnly transmit cookies over HTTP, disabling Javascript access
bool FALSE
string
$pathRestrict the path that the cookie is available to
string(1) "/"
string
$saltMagic salt to add to the cookie
string(5) "12345"
boolean
$secureOnly transmit cookies over secure connections
bool FALSE
Deletes a cookie by making the value NULL and expiring it.
Cookie::delete('theme');
string
$name
required - Cookie nameboolean
public static function delete($name)
{
// Remove the cookie
unset($_COOKIE[$name]);
// Nullify the cookie and make it expire
return static::_setcookie($name, NULL, -86400, Cookie::$path, Cookie::$domain, Cookie::$secure, Cookie::$httponly);
}
Gets the value of a signed cookie. Cookies without signatures will not be returned. If the cookie signature is present, but invalid, the cookie will be deleted.
// Get the "theme" cookie, or use "blue" if the cookie does not exist
$theme = Cookie::get('theme', 'blue');
string
$key
required - Cookie namemixed
$default
= NULL - Default value to returnstring
public static function get($key, $default = NULL)
{
if ( ! isset($_COOKIE[$key]))
{
// The cookie does not exist
return $default;
}
// Get the cookie value
$cookie = $_COOKIE[$key];
// Find the position of the split between salt and contents
$split = strlen(Cookie::salt($key, NULL));
if (isset($cookie[$split]) AND $cookie[$split] === '~')
{
// Separate the salt and the value
list ($hash, $value) = explode('~', $cookie, 2);
if (Security::slow_equals(Cookie::salt($key, $value), $hash))
{
// Cookie signature is valid
return $value;
}
// The cookie signature is invalid, delete it
static::delete($key);
}
return $default;
}
Generates a salt string for a cookie based on the name and value.
$salt = Cookie::salt('theme', 'red');
string
$name
required - Name of cookiestring
$value
required - Value of cookie
string
public static function salt($name, $value)
{
// Require a valid salt
if ( ! Cookie::$salt)
{
throw new Kohana_Exception('A valid cookie salt is required. Please set Cookie::$salt in your bootstrap.php. For more information check the documentation');
}
// Determine the user agent
$agent = isset($_SERVER['HTTP_USER_AGENT']) ? strtolower($_SERVER['HTTP_USER_AGENT']) : 'unknown';
return hash_hmac('sha1', $agent.$name.$value.Cookie::$salt, Cookie::$salt);
}
Sets a signed cookie. Note that all cookie values must be strings and no automatic serialization will be performed!
By default, Cookie::$expiration is 0 - if you skip/pass NULL for the optional lifetime argument your cookies will expire immediately unless you have separately configured Cookie::$expiration.
// Set the "theme" cookie
Cookie::set('theme', 'red');
string
$name
required - Name of cookiestring
$value
required - Value of cookieinteger
$lifetime
= NULL - Lifetime in secondsboolean
public static function set($name, $value, $lifetime = NULL)
{
if ($lifetime === NULL)
{
// Use the default expiration
$lifetime = Cookie::$expiration;
}
if ($lifetime !== 0)
{
// The expiration is expected to be a UNIX timestamp
$lifetime += static::_time();
}
// Add the salt to the cookie value
$value = Cookie::salt($name, $value).'~'.$value;
return static::_setcookie($name, $value, $lifetime, Cookie::$path, Cookie::$domain, Cookie::$secure, Cookie::$httponly);
}
Proxy for the native setcookie function - to allow mocking in unit tests so that they do not fail when headers have been sent.
string
$name
required - $namestring
$value
required - $valueinteger
$expire
required - $expirestring
$path
required - $pathstring
$domain
required - $domainboolean
$secure
required - $secureboolean
$httponly
required -
bool
protected static function _setcookie($name, $value, $expire, $path, $domain, $secure, $httponly)
{
return setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
}
Proxy for the native time function - to allow mocking of time-related logic in unit tests
int
protected static function _time()
{
return time();
}