
dcro/secure-client-side-session-handler
=======================================

Securely store PHP session information on the client side using cookies (session data is encrypted & compressed)


[Source](https://github.com/dcro/php-secure-client-side-sessions) | [Packagist](https://packagist.org/packages/dcro/secure-client-side-session-handler)


PHP Secure Client Side Session Handler
======================================


Securely store PHP session information on the client side using encrypted cookies (with [AES encryption](http://en.wikipedia.org/wiki/Advanced_Encryption_Standard)). This is useful when you don't want to store the session information on a file system or in a database (e.g. when using load balancing or multiple servers in different geographical regions).

Because there's a browser limit of around 4KB of data available for cookies, the session data is first compressed using the [deflate](http://en.wikipedia.org/wiki/DEFLATE) algorithm. Keep in mind that the session data stored in the client-side cookie is sent back to the server with every request, so it's important to keep the data as small as possible.

Installation
------------


You can either get the `SecureClientSideSessionHandler.php` file from Git or install the library via [Composer](https://getcomposer.org). To use Composer, add the following to your `composer.json` file:

```
{
    "require": {
        "dcro/secure-client-side-session-handler": "dev-master"
    }
}
```

How to use it?
--------------


By default, the class is configured to only set the data cookie over a secure `HTTPS` connection. This behaviour can be overridden by changing the `cookieSecure` static var to `false`.

You can also customize the cookie-specific settings (name, domain, path, etc.) using the `cookieName`, `cookiePath`, `cookieDomain` and `cookieHTTPOnly` static vars, or you can customize the data compression level (for the deflate algorithm) using the `compressionLevel` static var (supported values from 0 to 9).

You can initialize the session handler with:

```
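// Replace both placeholders with your own encryption key and encryption key salt
SecureClientSideSessionHandler::initialize('<the-encryption-key>', '<the-encryption-key-salt>');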
session_start();
```

The encryption key and encryption key salt can be any string values (they don't need to be very long, as the final encryption key is a `SHA256` hash of `the-encryption-key` + `random-salt` + `the-encryption-key-salt`).

If you want to enable the session data cookie over `HTTP` (disabled by default), you'll need to initialize the session handler with:

```
SecureClientSideSessionHandler::$cookieSecure = false;
SecureClientSideSessionHandler::initialize('<the-encryption-key>', '<the-encryption-key-salt>');
session_start();
```

The default cookie name for the session handler is `PHPSESSDATA`. You can customize the cookie name with:

```
SecureClientSideSessionHandler::$cookieName = 'CUSTOM-COOKIE-NAME';
SecureClientSideSessionHandler::initialize('<the-encryption-key>', '<the-encryption-key-salt>');
session_start();
```
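
The scheme this README describes (deflate the session data, encrypt it with AES under a key that is the SHA256 of key + random salt + key salt, and stay within the roughly 4KB cookie limit) is shown here as an added example; it is not the library's own code. The AES-256-GCM mode, the salt/nonce/tag/ciphertext cookie layout and the function names `deriveKey`, `packSession` and `unpackSession` are assumptions made for this illustration.

```php
<?php
// Added illustration, not the library's code. AES-256-GCM, the cookie layout
// (salt | nonce | tag | ciphertext) and all function names are assumptions.
const COOKIE_LIMIT = 4096; // approximate browser limit per cookie (README: ~4KB)

function deriveKey(string $key, string $randomSalt, string $keySalt): string
{
    // README: SHA256 of key + random salt + key salt; raw output is 32 bytes
    return hash('sha256', $key . $randomSalt . $keySalt, true);
}

function packSession(array $data, string $key, string $keySalt, int $level = 9): string
{
    $plain = gzdeflate(serialize($data), $level);  // compress before encrypting
    $salt  = random_bytes(16);                     // fresh random salt per cookie
    $iv    = random_bytes(12);                     // GCM nonce
    $ct    = openssl_encrypt($plain, 'aes-256-gcm', deriveKey($key, $salt, $keySalt),
                             OPENSSL_RAW_DATA, $iv, $tag);
    $cookie = base64_encode($salt . $iv . $tag . $ct);
    if (strlen($cookie) > COOKIE_LIMIT) {
        throw new LengthException('session cookie too large: ' . strlen($cookie));
    }
    return $cookie;
}

function unpackSession(string $cookie, string $key, string $keySalt): ?array
{
    $raw = base64_decode($cookie, true);
    if ($raw === false || strlen($raw) <= 44) {
        return null;                               // malformed or truncated cookie
    }
    [$salt, $iv, $tag, $ct] = [substr($raw, 0, 16), substr($raw, 16, 12),
                               substr($raw, 28, 16), substr($raw, 44)];
    $plain = openssl_decrypt($ct, 'aes-256-gcm', deriveKey($key, $salt, $keySalt),
                             OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        return null;                               // tag mismatch: tampered or wrong key
    }
    $data = unserialize(gzinflate($plain), ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

// Constructed sample session
$cookie = packSession(['uid' => 42, 'role' => 'editor'], 'demo-key', 'demo-key-salt');
var_dump(unpackSession($cookie, 'demo-key', 'demo-key-salt'));
$tampered = $cookie;
$tampered[50] = $tampered[50] === 'A' ? 'B' : 'A';  // alter one character in the tag region
var_dump(unpackSession($tampered, 'demo-key', 'demo-key-salt'));
```

Because the cookie is held by the client and a single SHA256 is cheap to compute, the strength of the derived key rests on the entropy of the configured key rather than on its length.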

### Health Score

24 (Low): better than 31% of packages

- Maintenance: 20. Infrequent updates, may be unmaintained
- Popularity: 18. Limited adoption so far
- Community: 9. Small or concentrated contributor base
- Maturity: 41. Maturing project, gaining track record
- Bus Factor: 1. Top contributor holds 100% of commits, a single point of failure

How is this calculated?

- **Maintenance (25%)**: Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.
- **Popularity (30%)**: Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.
- **Community (15%)**: Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.
- **Maturity (30%)**: Project age, version count, PHP version support, and release stability.

### Community

Maintainers: [Dan Cotora](/maintainers/dcro) ([@dcro](https://github.com/dcro))

Top Contributors: [dcro](https://github.com/dcro) (9 commits)

