PHPackages                             tourze/cookie-encrypt-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. tourze/cookie-encrypt-bundle

ActiveLibrary[Security](/categories/security)

tourze/cookie-encrypt-bundle
============================

A Symfony Bundle for automatically encrypting and decrypting specific cookies

0.0.4(1y ago)06MITPHPPHP ^8.1CI passing

Since Apr 28Pushed 6mo ago1 watchersCompare

[ Source](https://github.com/tourze/cookie-encrypt-bundle)[ Packagist](https://packagist.org/packages/tourze/cookie-encrypt-bundle)[ RSS](/packages/tourze-cookie-encrypt-bundle/feed)WikiDiscussions master Synced today

READMEChangelog (4)Dependencies (9)Versions (5)Used By (0)

Cookie Encrypt Bundle
=====================

[](#cookie-encrypt-bundle)

[English](README.md) | [中文](README.zh-CN.md)

[![PHP Version](https://camo.githubusercontent.com/306b72111fb5a57ba277f7820bdaf0c1e17327ce3bbfd42c967d8b3970de1911/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f746f75727a652f636f6f6b69652d656e63727970742d62756e646c652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/tourze/cookie-encrypt-bundle)[![Latest Version](https://camo.githubusercontent.com/e2a73e283c846735eb1c5fc0dd216d3c6e5cff0b295233047b9afafe566b10c4/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f746f75727a652f636f6f6b69652d656e63727970742d62756e646c652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/tourze/cookie-encrypt-bundle)[![License](https://camo.githubusercontent.com/58bd85e3157383b5926114b680491f33c7a736610bde524671b13516f90351e8/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f746f75727a652f636f6f6b69652d656e63727970742d62756e646c652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/tourze/cookie-encrypt-bundle)[![Total Downloads](https://camo.githubusercontent.com/d8c40b7e0fd118ac4aef248da52e65071d23ba3030607d7868207a4ac1c35d3b/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f746f75727a652f636f6f6b69652d656e63727970742d62756e646c652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/tourze/cookie-encrypt-bundle)

A Symfony Bundle for automatically encrypting and decrypting specific cookies, particularly useful for deployment environments with strict WAF (Web Application Firewall) rules, such as Azure.

Features
--------

[](#features)

- Automatic encryption of specified cookies in responses
- Automatic decryption of specified cookies in requests
- Uses XOR encryption algorithm with base64 encoding
- Zero configuration after initial setup
- Seamless integration with Symfony's event system

Requirements
------------

[](#requirements)

- PHP 8.1 or higher
- Symfony 6.4 or higher

Installation
------------

[](#installation)

Install via Composer:

```
composer require tourze/cookie-encrypt-bundle
```

Configuration
-------------

[](#configuration)

### 1. Set Encryption Key

[](#1-set-encryption-key)

Add the encryption key to your `.env` file:

```
COOKIE_XOR_SECURITY_KEY=your_secure_key_here
```

⚠️ **Important**:

- Use a strong, random encryption key
- Keep the key secret and never commit it to version control
- Consider using different keys for different environments

### 2. Register the Bundle

[](#2-register-the-bundle)

If not using Symfony Flex, register the bundle in `config/bundles.php`:

```
return [
    // ...other bundles
    Tourze\CookieEncryptBundle\CookieEncryptBundle::class => ['all' => true],
];
```

Usage
-----

[](#usage)

Once installed and configured, the bundle automatically handles encryption/decryption for the following cookies:

- `sf_redirect` - Symfony's redirect cookie

The bundle works transparently:

- **On Request**: Automatically decrypts encrypted cookies before your application processes them
- **On Response**: Automatically encrypts cookies before sending them to the client

### How It Works

[](#how-it-works)

1. When a request arrives, the `CookieEncryptSubscriber` checks for encrypted cookies
2. If found, it decrypts them using the XOR algorithm and replaces the encrypted values
3. Your application works with the decrypted values normally
4. Before sending the response, the subscriber encrypts the cookie values again

Advanced Configuration
----------------------

[](#advanced-configuration)

### Custom Cookie Names

[](#custom-cookie-names)

To encrypt additional cookies, extend the `CookieEncryptSubscriber` class:

```
namespace App\EventSubscriber;

use Tourze\CookieEncryptBundle\EventSubscriber\CookieEncryptSubscriber;

class CustomCookieEncryptSubscriber extends CookieEncryptSubscriber
{
    protected array $names = [
        'sf_redirect',
        'my_custom_cookie',
        'another_cookie',
    ];
}
```

Then override the service definition in your `config/services.yaml`:

```
services:
    Tourze\CookieEncryptBundle\EventSubscriber\CookieEncryptSubscriber:
        class: App\EventSubscriber\CustomCookieEncryptSubscriber
```

Security Considerations
-----------------------

[](#security-considerations)

- The XOR encryption is designed for WAF bypass, not cryptographic security
- Always use HTTPS in production to prevent man-in-the-middle attacks
- Rotate encryption keys periodically
- Store encryption keys securely (use Symfony secrets management)

Testing
-------

[](#testing)

Run the test suite:

```
# From the monorepo root
./vendor/bin/phpunit packages/cookie-encrypt-bundle/tests

# Run with PHPStan
php -d memory_limit=2G ./vendor/bin/phpstan analyse packages/cookie-encrypt-bundle
```

Troubleshooting
---------------

[](#troubleshooting)

### InvalidEncryptionKeyException

[](#invalidencryptionkeyexception)

This exception is thrown when:

- The `COOKIE_XOR_SECURITY_KEY` environment variable is not set
- The encryption key is empty or contains only whitespace

**Solution**: Ensure you have set a valid encryption key in your `.env` file.

### Cookies Not Being Encrypted

[](#cookies-not-being-encrypted)

Check that:

1. The bundle is properly registered
2. The encryption key is set
3. The cookie name is in the list of cookies to encrypt

Contributing
------------

[](#contributing)

Please see the main monorepo README for contribution guidelines.

License
-------

[](#license)

MIT

###  Health Score

29

—

LowBetter than 57% of packages

Maintenance59

Moderate activity, may be stable

Popularity4

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity39

Early-stage or recently created project

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~15 days

Total

4

Last Release

386d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/13899502?v=4)[tourze](/maintainers/tourze)[@tourze](https://github.com/tourze)

---

Top Contributors

[![tourze](https://avatars.githubusercontent.com/u/13899502?v=4)](https://github.com/tourze "tourze (1 commits)")

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Type Coverage Yes

### Embed Badge

![Health badge](/badges/tourze-cookie-encrypt-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/tourze-cookie-encrypt-bundle/health.svg)](https://phpackages.com/packages/tourze-cookie-encrypt-bundle)
```

###  Alternatives

[easycorp/easyadmin-bundle

Admin generator for Symfony applications

4.3k17.9M386](/packages/easycorp-easyadmin-bundle)[symfony/framework-bundle

Provides a tight integration between Symfony components and the Symfony full-stack framework

3.6k251.7M11.6k](/packages/symfony-framework-bundle)[symfony/security-bundle

Provides a tight integration of the Security component into the Symfony full-stack framework

2.5k185.6M2.4k](/packages/symfony-security-bundle)[shopware/core

Shopware platform is the core for all Shopware ecommerce products.

585.6M574](/packages/shopware-core)[open-dxp/opendxp

Content &amp; Product Management Framework (CMS/PIM)

9421.6k61](/packages/open-dxp-opendxp)[chameleon-system/chameleon-base

The Chameleon System core.

1028.6k5](/packages/chameleon-system-chameleon-base)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
