CryptoWrapper

class OC\Session\CryptoWrapper
Class CryptoWrapper provides some rough basic level of additional security by
storing the session data in an encrypted form.
The content of the session is encrypted using another cookie sent by the browser.
One should note that an adversary with access to the source code or the system
memory is still able to read the original session ID from the users’ request.
This thus can not be considered a strong security measure one should consider
it as an additional small security obfuscation layer to comply with compliance
guidelines.

TODO: Remove this in a future release with an approach such as
Source:lib/private/Session/CryptoWrapper.php#51

Constants

COOKIE_NAME = oc_sessionPassphrase
Source:lib/private/Session/CryptoWrapper.php#52

Properties

protected static property OC\Session\CryptoWrapper::$config
Source:lib/private/Session/CryptoWrapper.php#55
Type:\OCP\IConfig
protected static property OC\Session\CryptoWrapper::$session
Source:lib/private/Session/CryptoWrapper.php#57
Type:\OCP\ISession
protected static property OC\Session\CryptoWrapper::$crypto
Source:lib/private/Session/CryptoWrapper.php#59
Type:\OCP\Security\ICrypto
protected static property OC\Session\CryptoWrapper::$random
Source:lib/private/Session/CryptoWrapper.php#61
Type:\OCP\Security\ISecureRandom
protected static property OC\Session\CryptoWrapper::$passphrase
Source:lib/private/Session/CryptoWrapper.php#63
Type:string

Methods

public OC\Session\CryptoWrapper::__construct($config, $crypto, $random, $request)
Source:

lib/private/Session/CryptoWrapper.php#71

Parameters:
public OC\Session\CryptoWrapper::wrapSession($session)
Source:

lib/private/Session/CryptoWrapper.php#111

Parameters:
Returns:

\OCP\ISession