Cookie helper.
Class declared in SYSPATH/classes/Cookie.php on line 3.
string
$domainRestrict the domain that the cookie is available to
NULL
integer
$expirationNumber of seconds before the cookie expires
integer 0
boolean
$httponlyOnly transmit cookies over HTTP, disabling Javascript access
bool FALSE
string
$pathRestrict the path that the cookie is available to
string(1) "/"
string
$saltMagic salt to add to the cookie
string(4) "null"
boolean
$secureOnly transmit cookies over secure connections
bool FALSE
Deletes a cookie by making the value null and expiring it.
Cookie::delete('theme');
string
$name
required - Cookie name boolean
public static function delete($name)
{
// Remove the cookie
unset($_COOKIE[$name]);
// Nullify the cookie and make it expire
return static::_setcookie($name, null, -86400, Cookie::$path, Cookie::$domain, Cookie::$secure, Cookie::$httponly);
}
Gets the value of a signed cookie. Cookies without signatures will not be returned. If the cookie signature is present, but invalid, the cookie will be deleted.
// Get the "theme" cookie, or use "blue" if the cookie does not exist
$theme = Cookie::get('theme', 'blue');
string
$key
required - Cookie name mixed
$default
= NULL - Default value to return string
public static function get($key, $default = null)
{
if (!isset($_COOKIE[$key])) {
// The cookie does not exist
return $default;
}
// Get the cookie value
$cookie = $_COOKIE[$key];
// Find the position of the split between salt and contents
$split = strlen(Cookie::salt($key, null));
if (isset($cookie[$split]) AND $cookie[$split] === '~') {
// Separate the salt and the value
list ($hash, $value) = explode('~', $cookie, 2);
if (Security::slow_equals(Cookie::salt($key, $value), $hash)) {
// Cookie signature is valid
return $value;
}
// The cookie signature is invalid, delete it
static::delete($key);
}
return $default;
}
Generates a salt string for a cookie based on the name and value.
$salt = Cookie::salt('theme', 'red');
string
$name
required - Name of cookie string
$value
required - Value of cookie
string
public static function salt($name, $value)
{
// Require a valid salt
if (!Cookie::$salt) {
throw new Kohana_Exception('A valid cookie salt is required. Please set Cookie::$salt in your bootstrap.php. For more information check the documentation');
}
// Determine the user agent
$agent = isset($_SERVER['HTTP_USER_AGENT']) ? strtolower($_SERVER['HTTP_USER_AGENT']) : 'unknown';
return hash_hmac('sha1', $agent . $name . $value . Cookie::$salt, Cookie::$salt);
}
Sets a signed cookie. Note that all cookie values must be strings and no automatic serialization will be performed!
By default, Cookie::$expiration is 0 - if you skip/pass null for the optional lifetime argument your cookies will expire immediately unless you have separately configured Cookie::$expiration.
// Set the "theme" cookie
Cookie::set('theme', 'red');
string
$name
required - Name of cookie string
$value
required - Value of cookie integer
$lifetime
= NULL - Lifetime in seconds boolean
public static function set($name, $value, $lifetime = null)
{
if ($lifetime === null) {
// Use the default expiration
$lifetime = Cookie::$expiration;
}
if ($lifetime !== 0) {
// The expiration is expected to be a UNIX timestamp
$lifetime += static::_time();
}
// Add the salt to the cookie value
$value = Cookie::salt($name, $value) . '~' . $value;
return static::_setcookie($name, $value, $lifetime, Cookie::$path, Cookie::$domain, Cookie::$secure, Cookie::$httponly);
}
Proxy for the native setcookie function - to allow mocking in unit tests so that they do not fail when headers have been sent.
string
$name
required - $name string
$value
required - $value integer
$expire
required - $expire string
$path
required - $path string
$domain
required - $domain boolean
$secure
required - $secure boolean
$httponly
required -
bool
protected static function _setcookie($name, $value, $expire, $path, $domain, $secure, $httponly)
{
return setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
}
Proxy for the native time function - to allow mocking of time-related logic in unit tests
int
protected static function _time()
{
return time();
}