PHPackages lukeelten/cakephp-encrypted-session - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. lukeelten/cakephp-encrypted-session ActiveCakephp-plugin[Security](/categories/security) lukeelten/cakephp-encrypted-session =================================== Encrypted Session Middleware which encrypts the session on server-side with a per-user key. 1.0.5(6y ago)1480MITPHPPHP >=7.1CI failing Since Apr 24Pushed 6y ago1 watchersCompare [ Source](https://github.com/lukeelten/cakephp-encrypted-session)[ Packagist](https://packagist.org/packages/lukeelten/cakephp-encrypted-session)[ RSS](/packages/lukeelten-cakephp-encrypted-session/feed)WikiDiscussions master Synced 2mo ago READMEChangelogDependencies (3)Versions (7)Used By (0) CakePHP Session Encryption ========================== [](#cakephp-session-encryption) This is a CakePHP Plugin which encrypts a user's session data transparently before storing it. The session data will be automatically decrypted during the next request. Why do I need this? ------------------- [](#why-do-i-need-this) The new GDPR regulation does not enforce encryption on personal data, nevertheless it is recommended to encrypt personal data everywhere, especially at rest. A saved session is simply data stored at rest. Due to user authorization or other application features, the session often contains data which can be classified as personal data according to the GDPR. Therefore encrypting them is a reasonable safety measure to prevent data breaches. To increase security, a unique encryption key is generated for each user and stored into a cookie. Keeping the key away from the server, makes decrypting all of the session data at once a very hard task. Installation ------------ [](#installation) Install plugin using [composer](http://getcomposer.org): ``` composer require lukeelten/cakephp-encrypted-session ``` The plugin does not need any loading during bootstrap. Configuration ------------- [](#configuration) There are several options to configure the behavior, nevertheless the plugin contains a useful set of default values so you **do not need any configuration at all**. Nevertheless, it is recommended to configure at least an encryption salt, otherwise *Security.salt* will be used. Possible options to add to application config: ``` 'Session' => [ "Encryption" => [ "salt" => getenv("SESSION_SALT", "default-salt"), // Server side salt; fill in random string "cookieName" => "CAKE_SESSION_KEY", // Cookie name "expire" => strtotime("+1 year"), // Default cookie lifetime "secure" => false, // Use with https only "path" => "/" // Cookie path ] ] ``` Usage ----- [](#usage) Simply add the middleware to your Application middleware setup (Application.php) ``` $middleware->add(new EncryptedSessionMiddleware()); ``` ### Important Note: [](#important-note) If this middleware is used in combination with *EncryptedCookieMiddleware* and you want to encrypt the session key cookie as well, you must ensure, that the *EncryptedCookieMiddleware* is loaded into the middleware chain **BEFORE** the *EncryptedSessionMiddleware*. ``` $middleware->add(new EncryptedCookieMiddleware()) ->add(new EncryptedSessionMiddleware()); ``` ### Health Score 29 — LowBetter than 60% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity14 Limited adoption so far Community9 Small or concentrated contributor base Maturity62 Established project with proven stability Bus Factor1 Top contributor holds 50% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~117 days Recently: every ~147 days Total 6 Last Release 2351d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/0f63467690913a111c356b498813f5a5fe0756501e1e8d3c00b47e0fd5b77810?d=identicon)[lukeelten](/maintainers/lukeelten) --- Top Contributors [![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (1 commits)")[![lukeelten](https://avatars.githubusercontent.com/u/513392?v=4)](https://github.com/lukeelten "lukeelten (1 commits)") --- Tags encryptioncakephpsession ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/lukeelten-cakephp-encrypted-session/health.svg) ``` [![Health](https://phpackages.com/badges/lukeelten-cakephp-encrypted-session/health.svg)](https://phpackages.com/packages/lukeelten-cakephp-encrypted-session) ``` ### Alternatives [phpseclib/phpseclib PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc. 5.6k434.8M1.3k](/packages/phpseclib-phpseclib)[defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[cakephp-fr/recaptcha To easily use Google Recaptcha (free CAPTCHA service that protect websites from spam and abuse) in CakePHP projects 1419.3k](/packages/cakephp-fr-recaptcha)[muffin/tokenize Security Tokens 1319.0k1](/packages/muffin-tokenize)[cake17/cakephp-recaptcha \[DEPRECIATED\] Please use https://github.com/cakephp-fr/recaptcha/ 1211.0k1](/packages/cake17-cakephp-recaptcha) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)