Cookies() won't set unless I disable Encryption

Question

Cookies() won't set unless I disable Encryption

Jeroen Evers Mar '14

Created Mar '14	Last Reply Jun '15	Replies 10	Views 4311	Votes 0

Jeroen Evers 5.4k

Mar '14

Hi,

I was having a really hard time figuring out why $this->cookies->get(token)->getValue() returned NULL all the time. Somehow the cookies were not being set.

I used return $this->response->redirect(index); and that surpressed the following error

Size of key is too large for this algorithm
0 [internal function]: Phalcon\Crypt->encrypt('1', NULL)
1 [internal function]: Phalcon\Crypt->encryptBase64('1')
2 [internal function]: Phalcon\Http\Cookie->send()
3 [internal function]: Phalcon\Http\Response\Cookies->send()
4 [internal function]: Phalcon\Http\Response->sendCookies()
5 X:\path\public\index.php(33): Phalcon\Mvc\Application->handle()
6 {main}

Notice Phalcon\Crypt->encrypt(1, NULL) where the key is empty!

Only after disabling encryption in the DI, the cookies were correctly set.

$di->set('cookies', function() {
    $cookies = new Phalcon\Http\Response\Cookies();
    $cookies->useEncryption(false);
    return $cookies;
});

What could be the problem? I am using phalcon 1.2.6 because 1.3.1 wil not hash passwords for me (returns empty)

Thanx!

Simon Paterson · Answer 1 · 2014-04-02T22:25:23-07:00

The Phalcon\Crypt component, which is what is being used to encrypt the cookies, hasn't been given a key (it appears to be using NULL).

There is an easy way around this. You can set a key globally when the service is registered:

$di->set('crypt', function() {
    $crypt = new Phalcon\Crypt();
    $crypt->setKey('ReallyRandomKey');
    return $crypt;
});

Obviously you would change ‘ReallyRandomKey’ to something of your choosing. A good place to generate a key is at GRC. I just use any 16 characters of the ‘63 random printable ASCII characters’ line, excluding any single primes (quote marks).

I also recommend that this service is not registered in the bootstrap index.php file and, if it must be, use a configuration file placed outside the public web-accessible folder.

Jeroen Evers · Answer 2 · 2014-04-02T23:57:02-07:00

Thank you for the reply!

I have based my code on Vokuro, so Phalcon\Crypt is registered in my application. Strange thing is that a clean Vokuro install also won't set COOKIES for me. Could it be a specific php.ini setting of php version issue? I am struggling with this on 2 different XAMPP installations.

Simon Paterson · Answer 3 · 2014-04-05T17:24:33-07:00

The only thing I can think is that the mcrypt extension is not installed or not working correctly. Phalcon\Crypt requires the mcrypt extension and your symptoms sound very much like this is not working properly. You can check using echo extension_loaded("mcrypt");. If it is installed, you should see 1 in the output.

Sorry I can’t be of more help.

Jeroen Evers · Answer 4 · 2014-04-06T03:00:07-07:00

I does show a 1 as a result. I'll just go try and check some other php/xampp versions. I'm currently running a fresh install so i guess something must be wrong on my end, as this is appearantly not a common issue!

Oleg · Answer 5 · 2014-04-06T07:20:47-07:00

You can try

$di->setShared('crypt', function() use($di) {
            $crypt = new \Phalcon\Crypt();
            $crypt->setMode(MCRYPT_MODE_CFB);
            $crypt->setKey('ReallyRandomKey');
            return $crypt;
        });

jr2wolfgang · Answer 6 · 2014-05-05T03:12:15-07:00

Same issue here.. I can't set the cookies... I don't know what's the problem. I'll try to check if my mcrypt is the main issue.

I tried to do this:

$di->set('cookies', function() { $cookies = new Phalcon\Http\Response\Cookies(); $cookies->useEncryption(false); return $cookies; }, true);

Still my cookies is not setting... :(

jr2wolfgang · Answer 7 · 2014-05-05T03:22:43-07:00

jr2wolfgang
70

May '14

This cookie thing is not working for me really... too bad

Jason Socha · Answer 8 · 2015-02-27T23:01:18-07:00

As of 2015-02-27 this problem still exists in v1.3.4. Phalcon\Http\Response\Cookies will not set a cookie unless encryption is disabled.

$di->set('cookies', function () {
  $cookies = new Phalcon\Http\Response\Cookies();
  $cookies->useEncryption(false);
  return $cookies;
});

This can be tested by using the "Remember Me" checkbox on the Vokuro sample app. Out of the box, the feature doesn't work. If you add the above code to the services.php file, it will start to work and you can see the cookies being set in your browser's inspector.

Ivan Padavic · Answer 9 · 2015-03-02T11:15:19-07:00

I'm not sure if this is your case but we had similar issue, due to upgrade to php 5.6. Mcrypt extension now supports key sizes of 16, 24 or 32, and will throw error when using non supported size.

Jeroen Evers · Answer 10 · 2015-03-04T05:43:54-07:00

I sitll have this problem on multiple php and phalcon versions. Maybe its because i use windows?

mervynwang · Answer 11 · 2015-03-04T08:59:26-07:00

I encounter same problem,
PHP 5.6, phalcon 1.3.4 . When I change key to 16 , decrypt cookie is ok. $crypt->setKey('ReallyRandomKey');

metalevs · Answer 12 · 2015-03-18T12:44:08-07:00

metalevs
636

Mar '15

I have exactly same issue... It doesn't work with wamp or vagrant...

osse76 · Answer 13 · 2015-06-02T01:25:52-07:00

osse76
1.4k

edited Jun '15
Jun '15

Still the same Issue. No solution for this? Edit: ok, key was too long. max 32 characters.