Search code examples
phplithium

PHP Lithium - Authentication how to access session data

I have read about authentication in Lithium manual, still I have some questions about it. After Auth::check ('default', $this->request), it will return an array of user data if succeed. I have finished this part according to the manual.

  1. if I want to save some of this array into session (not all of them), how to do it?
  2. Are those data in session encrypted? If not, how could I manipulate it, I want to encrypt it for security concern.

Thanks.

Solution

  • This should give you something to go on regarding encrypting session data - http://nitschinger.at/Session-Encryption-with-Lithium.

    As far as telling Auth::check() which fields to save to the session:

    Auth::config(array(
   'default' => array(
       'session' => array(
           'persist' => array('username', 'email')
        )
    )
));

    This is in the latest master, and there is more explanation at the top of security\Auth.php.