CakePHP Cookies getting scrambled - Suhosin related

Question

For some reason I am unable to read any cookies from my CakePHP app on any page after they have been set, the only thing that is returned is garbled text.

My code is as simple as this:

$this->Cookie->write('Region', 'test');
$reg = $this->Cookie->read('Region');
pr($reg);

I uncomment the $this->Cookie->write() line and all I get back is a bunch of random control characters. I also recently upgraded to CakePHP 1.3 but AFAIK this should not effect cookie like this... This was working fine until I changed server, this must be the root of my problem.

Update After probing around further I have discovered this is a known issue with the Suhosin security patch for PHP effecting the rand() and srand() methods, I had configured Suhosin to allow the rand() functions but still it is happening, is there a more effective work around out there?

score 7 · Accepted Answer · answered Jan 18 '11 at 13:01

7

Try this code which will disable cookie encryption:

$this->Cookie->write('Region', 'test', false);
$reg = $this->Cookie->read('Region');
pr($reg);

The write method has the following params:

write(mixed $key, mixed $value, boolean $encrypt, mixed $expires)

By default all values in the cookie are encrypted by CakePHP. However for security reasons you may wish to look into working with the encryption.

answered Jan 18 '11 at 13:01

Chris Kempson

319
1
3
13

It works when I turn $encrpyt off, but why is it not working with the default values? – Dunhamzzz Jan 18 '11 at 14:08
Do you have the Suhosin security patch on your sever? – Chris Kempson Jan 18 '11 at 14:48
Ok looking back to this question, yes I do have the Suhosin patch on my server – Dunhamzzz Feb 22 '11 at 23:40
2

Suhosin adds a srand() call before any rand() which I believe the CakePHP code makes use of. If you removed the Suhosin patch you'd experience the behaviour you are expecting. However I'd still advise you to work with the encryption option if possible. – Chris Kempson Feb 25 '11 at 10:49

score 1 · Answer 2 · answered Jan 18 '11 at 13:00

1

CakePHP encrypts cookies by default.

Is your Security.salt value the same in this new installation?

How about the $key value in your cookie controller setup?

answered Jan 18 '11 at 13:00

Mark Snidovich

1,055
7
11

The files were literally just copied over, it works without encryption so this must be the problem. – Dunhamzzz Jan 18 '11 at 13:10
I have not used the $key value at all, do I need to with 1.3? – Dunhamzzz Jan 18 '11 at 13:18

CakePHP Cookies getting scrambled - Suhosin related

2 Answers2

Linked