daviddesberg · September 13, 2012 03:19
diff --git a/ClientSideSessionHandler.php b/ClientSideSessionHandler.php
 <?php
 class ClientSideSessionHandler implements SessionHandlerInterface
 {
    const SESSION_COOKIE_NAME = 'data';
    
    private $cryptor;
    private $cookieJar;
    private $encryptionKey;
    private $signingKey;
    
    public function __construct(Cryptor $cryptor, CookieJar $cookieJar, $encryptionKey, $signingKey)
    {
 	$this->cryptor = $cryptor;
 	$this->cookieJar = $cookieJar;
 	$this->encryptionKey = $encryptionKey;
        $this->signingKey = $signingKey;
    }
    
    public function open($savePath, $sessionName)
    {
 	return true;
    }
    
    public function close()
    {
 	return true;
    }
    
    public function read($id)
    {
 	$data = $this->cookieJar->get( static::SESSION_COOKIE_NAME );
 	if( !$this->cryptor->verify( $data, $this->signingKey ) ) { 
 	    throw new SessionAuthenticationException('Session cookie signature mismatch.');
 	}
 	
 	return $this->cryptor->decrypt( $data, $this->encryptionKey );
    }
    
    public function write($id, $data)
    {
 	$data = $this->cryptor->sign( $this->cryptor->encrypt( $data, $this->encryptionKey ), $this->signingKey );
 	$this->cookieJar->set( static::SESSION_COOKIE_NAME, $data );
 	
 	return true;
    }
    
    public function destroy($id)
    {
 	$this->cookieJar->remove( static::SESSION_COOKIE_NAME );
 	return true;
    }
    
    public function gc($maxlifetime)
    {
 	return true;
    }
 }
diff --git a/CookieJar.php b/CookieJar.php
 <?php
 interface CookieJar
 {
    function get($cookiename);
    function set($cookiename, $value);
    function remove($cookiename);
 }
diff --git a/Cryptor.php b/Cryptor.php
 <?php
 interface Cryptor
 {
    function encrypt($blob, $key);
    function decrypt($blob, $key);
    function verify($blob, $key);
    function sign($blob, $key);
 }
diff --git a/SessionAuthenticationException.php b/SessionAuthenticationException.php
 <?php
 class SessionAuthenticationException extends RuntimeException {}
	<?php
	class ClientSideSessionHandler implements SessionHandlerInterface
	{
	const SESSION_COOKIE_NAME = 'data';

	private $cryptor;
	private $cookieJar;
	private $encryptionKey;
	private $signingKey;

	public function __construct(Cryptor $cryptor, CookieJar $cookieJar, $encryptionKey, $signingKey)
	{
	$this->cryptor = $cryptor;
	$this->cookieJar = $cookieJar;
	$this->encryptionKey = $encryptionKey;
	$this->signingKey = $signingKey;
	}

	public function open($savePath, $sessionName)
	{
	return true;
	}

	public function close()
	{
	return true;
	}

	public function read($id)
	{
	$data = $this->cookieJar->get( static::SESSION_COOKIE_NAME );
	if( !$this->cryptor->verify( $data, $this->signingKey ) ) {
	throw new SessionAuthenticationException('Session cookie signature mismatch.');
	}

	return $this->cryptor->decrypt( $data, $this->encryptionKey );
	}

	public function write($id, $data)
	{
	$data = $this->cryptor->sign( $this->cryptor->encrypt( $data, $this->encryptionKey ), $this->signingKey );
	$this->cookieJar->set( static::SESSION_COOKIE_NAME, $data );

	return true;
	}

	public function destroy($id)
	{
	$this->cookieJar->remove( static::SESSION_COOKIE_NAME );
	return true;
	}

	public function gc($maxlifetime)
	{
	return true;
	}
	}
	<?php
	interface CookieJar
	{
	function get($cookiename);
	function set($cookiename, $value);
	function remove($cookiename);
	}
	<?php
	interface Cryptor
	{
	function encrypt($blob, $key);
	function decrypt($blob, $key);
	function verify($blob, $key);
	function sign($blob, $key);
	}
	<?php
	class SessionAuthenticationException extends RuntimeException {}