Posted By

halk on 11/22/12


Tagged

class php session secure



Secure Static Session Class (Handles Arrays)


 / Published in: PHP
 

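This is a static session wrapper that handles single variables and arrays. It allows setting, resetting, and deleting session variables (without destroying the session). It regenerates the session ID every time a session is started to prevent session hijacking. Note that regenerating the ID mainly counters session fixation; it does not protect a session whose cookie has already been stolen, so the session cookie should also be sent only over HTTPS with the Secure and HttpOnly flags, and the ID should be regenerated again whenever the user's privilege level changes (for example at login). See the examples of use below the code, or the gist at https://gist.github.com/4128373.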

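  /**
   * Session
   *
   * Static wrapper around PHP's native session handling.
   * - Convenience methods that check for missing keys before reading or
   *   deleting, so callers do not trigger undefined-index notices.
   * - Starts the session with strict-mode and HttpOnly cookie settings and
   *   issues a fresh session ID on start, as a session-fixation defence.
   * - Handles single variables or associative arrays by detecting the type
   *   of the value passed in.
   *
   * @package sandboxphp
   * @author hskitts
   * @copyright 2012
   * @version $Id$
   * @access public
   */
  class Session
  {
      /**
       * Session::start()
       * Start a session if none is active and give it a fresh ID.
       *
       * Does nothing when a session is already active, so it is safe to call
       * more than once per request.
       *
       * @return void
       */
      public static function start()
      {
          if (self::isActive()) {
              return;
          }

          // Harden the session before it is opened; these settings can only be
          // changed while no session is active.
          // - use_strict_mode: refuse session IDs the server did not issue.
          // - use_only_cookies: never accept a session ID from the URL.
          // - cookie_httponly: keep the session cookie out of reach of scripts.
          // session.cookie_secure is left to the deployment configuration
          // because forcing it here would break sites still served over HTTP;
          // enable it wherever the site is HTTPS-only.
          ini_set('session.use_strict_mode', '1');
          ini_set('session.use_only_cookies', '1');
          ini_set('session.cookie_httponly', '1');

          // The session has to exist before its ID can be regenerated;
          // session_regenerate_id() on an inactive session does nothing useful.
          if (session_start()) {
              // Fresh ID for this request (vs session fixation). The previous
              // session record is left for the garbage collector, so callers
              // should additionally call session_regenerate_id(true) at login
              // or any other privilege change.
              session_regenerate_id();
          }
      }

      /**
       * Session::set()
       * Set a session variable.
       *
       * When $value is an array it is merged into the array already stored
       * under $key: existing sub-keys are overwritten, new ones are appended.
       * If nothing (or a non-array) is stored under $key, the stored value is
       * replaced by $value. Any other $value is stored as-is.
       *
       * @param mixed $key   session variable name
       * @param mixed $value scalar to store, or array of sub-key => value pairs
       * @return void
       */
      public static function set($key, $value)
      {
          if (is_array($value)) {
              // Start from the stored array when there is one; a missing or
              // scalar entry cannot be merged into, so it is replaced.
              $current = (isset($_SESSION[$key]) && is_array($_SESSION[$key]))
                  ? $_SESSION[$key]
                  : [];
              $_SESSION[$key] = array_replace($current, $value);
              return;
          }

          $_SESSION[$key] = $value;
      }

      /**
       * Session::get()
       * Get the value of a session variable, or of one entry of a stored array.
       *
       * @param mixed $key  session variable to get
       * @param mixed $key2 sub-key inside the stored array; false (default)
       *                    or null returns the whole variable
       * @return mixed the stored value, or false when $key (or $key2) is not
       *               set; a stored false is indistinguishable from "missing"
       */
      public static function get($key, $key2 = false)
      {
          if (!isset($_SESSION[$key])) {
              return false;
          }

          // Compare strictly so that falsy sub-keys such as 0 or '' still
          // address an array entry instead of returning the whole variable.
          if ($key2 === false || $key2 === null) {
              return $_SESSION[$key];
          }

          if (is_array($_SESSION[$key]) && array_key_exists($key2, $_SESSION[$key])) {
              return $_SESSION[$key][$key2];
          }

          return false;
      }

      /**
       * Session::del()
       * Delete a session variable, or one entry of a stored array.
       * (This does not destroy the whole session.)
       *
       * @param mixed $key  session variable to delete
       * @param mixed $key2 sub-key inside the stored array; false (default)
       *                    or null deletes the whole variable
       * @return void
       */
      public static function del($key, $key2 = false)
      {
          if (!isset($_SESSION[$key])) {
              return;
          }

          if ($key2 === false || $key2 === null) {
              unset($_SESSION[$key]);
              return;
          }

          // Only arrays have entries to remove; unsetting an offset of a
          // scalar would raise an error.
          if (is_array($_SESSION[$key])) {
              unset($_SESSION[$key][$key2]);
          }
      }

      /**
       * Session::destroy()
       * Destroy the current session with all of its variables.
       *
       * Clears $_SESSION, expires the session cookie in the browser and
       * removes the server-side session data. Does nothing when no session is
       * active.
       *
       * @return void
       */
      public static function destroy()
      {
          if (!self::isActive()) {
              return;
          }

          // session_destroy() does not touch $_SESSION, so empty it explicitly
          // to keep stale values from being read later in this request.
          $_SESSION = [];

          // Expire the cookie so the browser stops presenting the dead ID.
          // Skipped once output has started because headers can no longer
          // be sent.
          if (ini_get('session.use_cookies') && !headers_sent()) {
              $params = session_get_cookie_params();
              setcookie(
                  session_name(),
                  '',
                  time() - 42000,
                  $params['path'],
                  $params['domain'],
                  $params['secure'],
                  $params['httponly']
              );
          }

          session_destroy();
      }

      /**
       * Session::dump()
       * Display the current $_SESSION array (for debugging purposes).
       *
       * The dump is HTML-escaped because session values may contain
       * user-supplied text. It exposes every session value, so it should not
       * be reachable on a production site.
       *
       * @return void
       */
      public static function dump()
      {
          if (self::isActive()) {
              echo '<pre>';
              echo htmlspecialchars(print_r($_SESSION, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
              echo '</pre>';
          }
      }

      /**
       * Tell whether a session is currently active.
       *
       * @return bool
       */
      private static function isActive()
      {
          return session_status() === PHP_SESSION_ACTIVE;
      }
  }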
  114.  
  // EXAMPLES OF USE

  // Open the session before touching any session variable.
  Session::start();

  // Store an associative array under the "user" key.
  $session_array = [
      'username'  => 'brucewayne',
      'logged_in' => '10/21/12',
      'role'      => 'Super-User Admin',
  ];
  Session::set('user', $session_array);

  // Store a single value.
  Session::set('singleton', 'one');

  // Passing an array for an existing key updates it entry by entry:
  // "role" is overwritten and "specialty" is added.
  Session::set(
      'user',
      [
          'role'      => 'head honcho',
          'specialty' => 'vigilante crime fighting',
      ]
  );

  // Read a whole variable, then one entry of a stored array.
  $singleton = Session::get('singleton');
  $username = Session::get('user', 'username');

  // Remove one array entry, then a whole variable.
  Session::del('user', 'role');
  Session::del('singleton');

  // End the session.
  Session::destroy();
