Kohana’s Salted Cookies are Delicious!

I use cookies so rarely that when I finally do have to go back and use them for something, I pretty much always have to check out the PHP manual to remind me of the order of arguments and such. However, with Kohana being so damn useful, I figured I’d check and see if they had a cookie helper, and it turns out they do, and it turns out that Kohana’s implementation is a little easier to use than the native PHP.

However, during testing, I noticed that they looked SUPER-odd. To wit:

2d27e36dae1971b021a48c8d57078e6f3c01b90f~Nov 11, 2010

Now, I only stored the “Nov 11, 2010” bit – what’s all that extra stuff there?

Well, it turns out that Kohana prepends a salted hash of your cookie value to the actual value, with a “~” between the two. The super-sweet benefit of this is that users can’t just manually alter their cookies and set their own values – when Kohana reads a cookie back, it checks the value against the hash, and if they don’t match, it returns the default value (which is itself, by default, NULL).

So suddenly, you have secure cookies! You can even change the salt you use by defining your own Cookie class:

class Cookie extends Kohana_Cookie {
	/**
	 * @var  string  Magic salt to add to the cookie
	 */
	public static $salt = 'day9rules';
}

While I don’t think I’d ever rely on this for anything super-sensitive, it’s definitely secure enough to prevent people from tampering with things like account IDs and the like.
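The sign-then-verify scheme described above, as an added sketch that is not Kohana's own code and not from the original post. It assumes HMAC-SHA1 over the cookie name and value (40 hex characters, the same length as the hash in the sample cookie), and the names `cookie_mac`, `sign_cookie` and `read_cookie` are hypothetical.

```php
<?php
// Added illustration, not Kohana's implementation.
// Assumptions: HMAC-SHA1 over "name|value", keyed with the salt;
// all function names here are hypothetical.

const SALT = 'day9rules'; // salt from the post; use a long random secret in practice

function cookie_mac(string $name, string $value): string
{
    // Including the cookie name stops a signed value from one cookie
    // being accepted under a different cookie name.
    return hash_hmac('sha1', $name . '|' . $value, SALT);
}

function sign_cookie(string $name, string $value): string
{
    return cookie_mac($name, $value) . '~' . $value;
}

function read_cookie(string $name, ?string $raw, $default = null)
{
    $macLen = 40; // SHA-1 rendered as hex
    // Missing cookie, too short, or no "~" right after the hash: use the default.
    if ($raw === null || strlen($raw) <= $macLen || $raw[$macLen] !== '~') {
        return $default;
    }
    $mac   = substr($raw, 0, $macLen);
    $value = (string) substr($raw, $macLen + 1); // the value may itself contain "~"
    // hash_equals() compares in constant time, so the check leaks no timing hints.
    return hash_equals(cookie_mac($name, $value), $mac) ? $value : $default;
}

// Constructed sample data.
$cookie = sign_cookie('last_visit', 'Nov 11, 2010');
var_dump(read_cookie('last_visit', $cookie));   // untouched cookie: value accepted

// Value edited in the browser, old hash kept: the check fails, default comes back.
$tampered = substr($cookie, 0, 41) . 'Nov 12, 2010';
var_dump(read_cookie('last_visit', $tampered));

// A valid cookie replayed under another name fails as well.
var_dump(read_cookie('account_id', $cookie));
```

The value after the “~” stays readable in the browser: the hash protects integrity only, which is why this suits tamper-proofing things like account IDs rather than hiding secrets.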

