We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

Cookies() won't set unless I disable Encryption


I was having a really hard time figuring out why $this->cookies->get(token)->getValue() returned NULL all the time. Somehow the cookies were not being set.

I used return $this->response->redirect(index); and that surpressed the following error

Size of key is too large for this algorithm
0 [internal function]: Phalcon\Crypt->encrypt('1', NULL)
1 [internal function]: Phalcon\Crypt->encryptBase64('1')
2 [internal function]: Phalcon\Http\Cookie->send()
3 [internal function]: Phalcon\Http\Response\Cookies->send()
4 [internal function]: Phalcon\Http\Response->sendCookies()
5 X:\path\public\index.php(33): Phalcon\Mvc\Application->handle()
6 {main}

Notice Phalcon\Crypt->encrypt(1, NULL) where the key is empty!

Only after disabling encryption in the DI, the cookies were correctly set.

$di->set('cookies', function() {
    $cookies = new Phalcon\Http\Response\Cookies();
    return $cookies;

What could be the problem? I am using phalcon 1.2.6 because 1.3.1 wil not hash passwords for me (returns empty)


The Phalcon\Crypt component, which is what is being used to encrypt the cookies, hasn't been given a key (it appears to be using NULL).

There is an easy way around this. You can set a key globally when the service is registered:

$di->set('crypt', function() {
    $crypt = new Phalcon\Crypt();
    return $crypt;

Obviously you would change ‘ReallyRandomKey’ to something of your choosing. A good place to generate a key is at GRC. I just use any 16 characters of the ‘63 random printable ASCII characters’ line, excluding any single primes (quote marks).

I also recommend that this service is not registered in the bootstrap index.php file and, if it must be, use a configuration file placed outside the public web-accessible folder.

Thank you for the reply!

I have based my code on Vokuro, so Phalcon\Crypt is registered in my application. Strange thing is that a clean Vokuro install also won't set COOKIES for me. Could it be a specific php.ini setting of php version issue? I am struggling with this on 2 different XAMPP installations.

edited Apr '14

The only thing I can think is that the mcrypt extension is not installed or not working correctly. Phalcon\Crypt requires the mcrypt extension and your symptoms sound very much like this is not working properly. You can check using echo extension_loaded("mcrypt");. If it is installed, you should see 1 in the output.

Sorry I can’t be of more help.

I does show a 1 as a result. I'll just go try and check some other php/xampp versions. I'm currently running a fresh install so i guess something must be wrong on my end, as this is appearantly not a common issue!

edited Apr '14

You can try

$di->setShared('crypt', function() use($di) {
            $crypt = new \Phalcon\Crypt();
            return $crypt;
edited May '14

Same issue here.. I can't set the cookies... I don't know what's the problem. I'll try to check if my mcrypt is the main issue.

I tried to do this:

$di->set('cookies', function() { $cookies = new Phalcon\Http\Response\Cookies(); $cookies->useEncryption(false); return $cookies; }, true);

Still my cookies is not setting... :(

This cookie thing is not working for me really... too bad

As of 2015-02-27 this problem still exists in v1.3.4. Phalcon\Http\Response\Cookies will not set a cookie unless encryption is disabled.

$di->set('cookies', function () {
  $cookies = new Phalcon\Http\Response\Cookies();
  return $cookies;

This can be tested by using the "Remember Me" checkbox on the Vokuro sample app. Out of the box, the feature doesn't work. If you add the above code to the services.php file, it will start to work and you can see the cookies being set in your browser's inspector.

I'm not sure if this is your case but we had similar issue, due to upgrade to php 5.6. Mcrypt extension now supports key sizes of 16, 24 or 32, and will throw error when using non supported size.

I sitll have this problem on multiple php and phalcon versions. Maybe its because i use windows?

I encounter same problem,
PHP 5.6, phalcon 1.3.4 . When I change key to 16 , decrypt cookie is ok. $crypt->setKey('ReallyRandomKey');

I have exactly same issue... It doesn't work with wamp or vagrant...

edited Jun '15

Still the same Issue. No solution for this? Edit: ok, key was too long. max 32 characters.