
ezimuel/php-secure-session
==========================

Encrypt and authenticate PHP session data using AES-256 and HMAC-SHA256

Latest release: v1.1.0. License: BSD-3-Clause. Requires PHP ^5.6 || ^7.0.


PHP-Secure-Session
==================

About
-----

This project adds encryption to the internal PHP save handlers. It uses the [OpenSSL](http://php.net/manual/en/book.openssl.php) extension to provide encryption with [AES-256](http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf) and authentication using HMAC-SHA-256.

The [SecureHandler](src/SecureHandler.php) class extends PHP's default [SessionHandler](http://php.net/manual/en/class.sessionhandler.php) and adds only an encryption layer on top of the internal save handler. The session management logic remains the same, which means you can use `SecureSession` with all the PHP session handlers provided by PHP extensions, such as 'file', 'sqlite', 'memcache' or 'memcached'.

Installation
------------

You can install this library using [composer](https://getcomposer.org/) with the following command:

```
composer require ezimuel/php-secure-session
```

After that the PHP-Secure-Session handler will be automatically executed in your project when consuming the `vendor/autoload.php` file.

Usage
-----

You don't have to do anything to consume this library: the [SecureHandler](src/SecureHandler.php) is automatically registered with [session\_set\_save\_handler()](http://php.net/manual/en/function.session-set-save-handler.php) during the composer autoload.

How it works
------------

The session data are encrypted using a **random key** stored in a cookie variable starting with the prefix `KEY_`.

This random key is generated using the [random\_bytes()](http://php.net/manual/en/function.random-bytes.php) function of PHP 7. For PHP 5 versions we used the [paragonie/random\_compat](https://github.com/paragonie/random_compat) project that is a polyfill for `random_bytes()`.

We also generated a random authentication key stored in the same cookie variable. The value stored in the `KEY_` cookie is the [Base64](https://en.wikipedia.org/wiki/Base64) representation of the encryption key concatenated with the authentication key.
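
The key-cookie format described above, combined with encrypt-then-MAC, as an added example (not the project's own code). The function names, the CBC mode, the 32-byte key lengths, the `MAC || IV || ciphertext` blob layout and the empty-string result on failure are assumptions made for illustration; the sample session string is constructed.

```php
<?php
// Added illustration: names and blob layout are hypothetical, not from SecureHandler.php.
const KEY_LEN = 32; // AES-256 key size; the same size is assumed for the HMAC key
const MAC_LEN = 32; // HMAC-SHA256 output size
const IV_LEN  = 16; // AES block size

// Value for the KEY_ cookie: Base64(encryption key || authentication key).
function newCookieKey(): string
{
    return base64_encode(random_bytes(KEY_LEN * 2));
}

// Decode the cookie strictly and reject anything that is not exactly two keys long.
function splitCookieKey(string $cookieValue): array
{
    $raw = base64_decode($cookieValue, true);
    if ($raw === false || strlen($raw) !== KEY_LEN * 2) {
        throw new RuntimeException('Malformed key cookie');
    }
    return [substr($raw, 0, KEY_LEN), substr($raw, KEY_LEN)];
}

// Encrypt, then authenticate IV and ciphertext together.
function sealSession(string $data, string $cookieValue): string
{
    list($encKey, $authKey) = splitCookieKey($cookieValue);
    $iv = random_bytes(IV_LEN);
    $ct = openssl_encrypt($data, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    return hash_hmac('sha256', $iv . $ct, $authKey, true) . $iv . $ct;
}

// Verify the MAC in constant time before any decryption is attempted.
function openSession(string $blob, string $cookieValue): string
{
    list($encKey, $authKey) = splitCookieKey($cookieValue);
    if (strlen($blob) < MAC_LEN + IV_LEN) {
        return '';
    }
    $mac  = substr($blob, 0, MAC_LEN);
    $body = substr($blob, MAC_LEN); // IV || ciphertext
    if (!hash_equals(hash_hmac('sha256', $body, $authKey, true), $mac)) {
        return ''; // tampered blob or wrong key: treat as an empty session
    }
    $plain = openssl_decrypt(substr($body, IV_LEN), 'aes-256-cbc', $encKey,
        OPENSSL_RAW_DATA, substr($body, 0, IV_LEN));
    return $plain === false ? '' : $plain;
}

$cookie = newCookieKey();
$blob   = sealSession('user_id|i:42;', $cookie);   // constructed sample data
var_dump(openSession($blob, $cookie) === 'user_id|i:42;'); // round trip
$blob[40] = $blob[40] ^ "\x01";                    // flip one bit inside the IV
var_dump(openSession($blob, $cookie) === '');      // MAC check rejects the blob
```

Because both keys exist only in the client's cookie, the blob written to the session store cannot be read or undetectably modified by someone who has access to the store alone.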

Demo
----

You can test the PHP-Secure-Session using the [test/demo/index.php](test/demo/index.php) example. You can run the demo using the internal web server of PHP with the following command:

```
php -S 0.0.0.0:8000 -t test/demo
```

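If you open the browser to [localhost:8000](http://localhost:8000) you will see the demo in action. Note that `0.0.0.0` makes the built-in server listen on all network interfaces; bind to `127.0.0.1` instead if the demo should only be reachable from the local machine.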

---

Copyright 2011-2018 by [Enrico Zimuel](http://www.zimuel.it)

Released under the [MIT License](LICENSE)

