PHP Secure Stateless Cookies Class

The PHP Secure Stateless Cookies Class lets you create a system that authenticates with secure cookies instead of using PHP sessions. Furthermore, it allows for:

  1. Secure password hashing
  2. Secure cookie hashing
  3. Automatically updates md5 passwords
  4. Can interpret (Non-Portable) PHPass hashes without changing your current user database

Documentation

Check out the documentation for code samples and usage.

Purpose

There is quite a bit of discussion between stateful and stateless. For a better understanding of stateless cookies and stateless PHP applications, consider reading the article Hardened Stateless Session Cookies (PDF) by Steven J. Murdoch.

Changelog

  • (12.05.2012) v1.0
    • Release version
  • (12.06.2012) v1.1
    • Added a much more secure salting algorithm
    • Updated properties to follow OOP standard
    • Added verifyAuth as security measure
  • (02.08.2014) v1.2
    • Updated encryption method
    • Added _switchUserTo method
    • Added _switchUserBack method
    • Added _setcookie method
    • Added remember me cookie
by
by
by
by
by
by