Cookies管理 · Phalcon 3.4中文手冊

[TOC] # Cookies管理 [Cookies](http://en.wikipedia.org/wiki/HTTP_cookie) 是在客戶端計算機上存儲小塊數據的非常有用的方法，即使用戶關閉他/她的瀏覽器也可以檢索這些數據。`Phalcon\Http\Response\Cookies` a充當cookie的全局包。Cookie在請求執行期間存儲在此包中，并在請求結束時自動發送。 ## 基本用法您可以通過訪問可以訪問服務的應用程序的任何部分中的`cookie`服務來設置/獲取cookie： ```php <?php use Phalcon\Mvc\Controller; class SessionController extends Controller { public function loginAction() { // Check if the cookie has previously set if ($this->cookies->has('remember-me')) { // Get the cookie $rememberMeCookie = $this->cookies->get('remember-me'); // Get the cookie's value $value = $rememberMeCookie->getValue(); } } public function startAction() { $this->cookies->set( 'remember-me', 'some value', time() + 15 * 86400 ); $this->cookies->send(); } public function logoutAction() { $rememberMeCookie = $this->cookies->get('remember-me'); // Delete the cookie $rememberMeCookie->delete(); } } ``` ## Cookie的加密/解密默認情況下，cookie在發送到客戶端之前會自動加密，并在從用戶檢索時解密。此保護可防止未經授權的用戶在客戶端（瀏覽器）中查看cookie的內容。盡管有這種保護，敏感數據不應存儲在cookie中。您可以按如下方式禁用加密： ```php <?php use Phalcon\Http\Response\Cookies; $di->set( 'cookies', function () { $cookies = new Cookies(); $cookies->useEncryption(false); return $cookies; } ); ``` 如果要使用加密，則必須在加密服務中設置全局密鑰： ```php <?php use Phalcon\Crypt; $di->set( 'crypt', function () { $crypt = new Crypt(); /** * Set the cipher algorithm. * * The `aes-256-gcm' is the preferable cipher, but it is not usable until the * openssl library is upgraded, which is available in PHP 7.1. * * The `aes-256-ctr' is arguably the best choice for cipher * algorithm in these days. */ $crypt->setCipher('aes-256-ctr'); /** * Setting the encryption key. * * The key should have been previously generated in a cryptographically safe way. * * Bad key: * "le password" * * Better (but still unsafe): * "#1dj8$=dp?.ak//j1V$~%*0X" * * Good key: * "T4\xb1\x8d\xa9\x98\x054t7w!z%C*F-Jk\x98\x05\\\x5c" * * Use your own key. Do not copy and paste this example key. */ $key = "T4\xb1\x8d\xa9\x98\x054t7w!z%C*F-Jk\x98\x05\\\x5c"; $crypt->setKey($key); return $crypt; } ); ``` >[danger] 向客戶端發送不加密的cookie數據（包括復雜對象結構，結果集，服務信息等）可能會暴露攻擊者可能用來攻擊應用程序的內部應用程序詳細信息。如果您不想使用加密，我們強烈建議您只發送非常基本的cookie數據，如數字或小字符串文字。