背景:我刚刚升级到 CakePHP 3.5.17。
我有一个写 cookie 的代码。但是,似乎我缺少一些加密它的步骤。有人可以阐明缺少的步骤在哪里吗?目前,网络浏览器正在获取 cookie 的值,但未加密。注意我还在 app.php 上设置了 cookieKey
我还在下面提供的链接中包含了这些步骤
https://book.cakephp.org/3.0/en/development/application.html#adding-http-stack
//In src/Controller/UsersController.php
use Cake\I18n\Time;
use Cake\Http\Cookie\Cookie;
use Cake\Http\Cookie\CookieCollection;
use Cake\Core\Configure;
use App\Application;
use Cake\Error\Middleware\ErrorHandlerMiddleware;
use Cake\Http\MiddlewareQueue;
use Cake\Routing\Middleware\AssetMiddleware;
use Cake\Routing\Middleware\RoutingMiddleware;
use Cake\Http\Middleware\EncryptedCookieMiddleware;
public function writecookie() {
$cookie = new Cookie(
'goodday', // name
'YES', // value
(Time::now())->modify('+1 year'), // expiration time, if applicable
'/', // path, if applicable
'', // domain, if applicable
false, // secure only?
true // http only ?
);
$middlewareQueue = new MiddlewareQueue();
$cookiesEncrypted = new EncryptedCookieMiddleware(
['goodday'],
Configure::read('Security.cookieKey')
);
$cookiesEncrypted = $middlewareQueue->add($cookiesEncrypted);
$this->response = $this->response->withCookie($cookie); //value is still YES in the web browser cookie storage
}
进一步调试后,我注意到在 EncryptedCookieMiddleware 类中。它说明请求数据中的 Cookie 将被解密,而响应标头中的 cookie 将自动加密。如果响应是 Cake\Http\Response,则 cookie 数据集withCookie()和 `cookie()` 也将被加密。但对我来说它不会自动加密?