help  namespaces  categories  help  rss feeds

Plugins:CookieStorage

<< Back to Dashboard

Contents

Exploring the CookieStorage Plugin

Overview

Cookie Storage plugin. It provides the user with a mechanism for permanent data storage using the cookie scope. You can use this object to store simple or even complex variables in the cookie scope. Don't worry about how it stores complex variables, it just does! Not only that, you can turn on the encryption algorithms and use heavy encryption in your cookies. Below is the startup code executed by the plugin at initialization. It sets up the default encryption algorithm, encryption key, encryption encoding and sets encryption to false by default. 

setEncryptionAlgorithm("CFMX_COMPAT");
setEncryptionKey("ColdBoxPlatform");
setEncryption(false);
setEncryptionEncoding("HEX");
			
/* set defautl alogrithm according to CFML engine */
if(controller.getCFMLEngine().getEngine() EQ 'BLUEDRAGON'){
  setEncryptionAlgorithm("BD_DEFAULT");
}

Plugin Settings

Now, you can control these startup settings by using the ColdBox custom settings in your configuration file. You can set the following settings:

Setting Type Description
CookieStorage_encryption Boolean Activates encryption or not
CookieStorage_encryption_seed string The encryption key to use in your app
CookieStorage_encryption_algorithm string The ColdFusion encryption algorithm to use
CookieStorage_encryption_encoding string The ColdFusion encryption encoding to use 
settings = {
	// Setup the cookie storage settings
	CookieStorage_encryption = true,
	CookieStorage_encryption_seed = hash(AppMapping),
	CookieStorage_encryption_algorithm = "BLOWFISH",
	CookieStorage_encryption_encoding = "Base64"
}

Available Algorithms

All the available algorithms are from the encrypt() method in ColdFusion:

  • AES: the Advanced Encryption Standard specified by the National Institute of Standards and Technology (NIST) FIPS-197.
  • DES: the Data Encryption Standard algorithm defined by NIST FIPS-46-3.
  • DES-EDE: the "Triple DES" algorithm defined by NIST FIPS-46-3.
  • DESX: The extended Data Encryption Standard symmetric encryption algorithm.
  • RC2: The RC2 block symmetric encryption algorithm defined by RFC 2268.
  • RC4: The RC4 symmetric encryption algorithm.
  • RC5: The RC5 encryption algorithm.
  • PBE: Password-based encryption algorithm defined in PKCS #5.
  • MD2: The MD2 hash algorithm defined by RFC 1319.
  • MD5: The defined by RFC 1321.
  • RIPEMD160: RACE Integrity Primitives Evaluation Message Digest 160-bit message digest algorithm and cryptographic hash function.
  • SHA-1: The 160-bit secure hash algorithm defined by FIPS 180-2 and FIPS 198.
  • SHA-224: The 224-bit secure hash algorithm defined by FIPS 180-2 and FIPS 198.
  • SHA-256: The 256-bit secure hash algorithm defined by FIPS 180-2 and FIPS 198.
  • SHA-384: The 384-bit secure hash algorithm defined by FIPS 180-2 and FIPS 198.
  • SHA-512: The 512-bit secure hash algorithm defined by FIPS 180-2 and FIPS 198.
  • HMAC-MD5: The hash message authentication code calculated using the MD5 hash algorithm.
  • HMAC-RIPEMD160: The hash message authentication code calculated using the RACE Integrity Primitives Evaluation Message Digest 160-bit message digest algorithm and cryptographic hash function.
  • HMAC-SHA1: The hash message authentication code calculated using the 160-bit secure hash algorithm defined by FIPS 180-2 and FIPS 198.
  • HMAC-SHA224: The hash message authentication code calculated using the 224-bit secure hash algorithm defined by FIPS 180-2 and FIPS 198.
  • HMAC-SHA256: The hash message authentication code calculated using the 256-bit secure hash algorithm defined by FIPS 180-2 and FIPS 198.
  • HMAC-SHA384: The hash message authentication code calculated using the 384-bit secure hash algorithm defined by FIPS 180-2 and FIPS 198.
  • HMAC-SHA512: The hash message authentication code calculated using the 512-bit secure hash algorithm defined by FIPS 180-2 and FIPS 198.
  • RSA: The RSA public key algorithm defined by PKCS#1 v1.5 and v2.0.
  • DSA: The digital signature algorithm defined by FIPS 186-2.
  • Diffie-Hellman: The Diffie-Hellman key exchange algorithmdefined by PKCS #3.

The Standard Edition of ColdFusion installs a cryptography library with the following algorithms:

  • CFMX_COMPAT: the algorithm used in ColdFusion MX and prior releases. This algorithm is the least secure option (default).
  • AES: the Advanced Encryption Standard specified by the National Institute of Standards and Technology (NIST) FIPS-197.
  • BLOWFISH: the Blowfish algorithm defined by Bruce Schneier.
  • DES: the Data Encryption Standard algorithm defined by NIST FIPS-46-3.
  • DESEDE: the "Triple DES" algorithm defined by NIST FIPS-46-3.

Available Encodings

  • Base64: the Base64 algorithm, as specified by IETF RFC 2045.
  • Hex: the characters !-F0-9 represent the hexadecimal byte values.
  • UU: the UUEncode algorithm.

getEncryptionAlgorithm

Get EncryptionAlgorithm

Returns

  • This function returns string

Examples

// Render the used encryption algorithm
#getPlugin("CookieStorage").getEncryptionAlgorithm()#;

setVar

Set a new permanent variable.

Returns

  • This function returns void

Arguments

Key Type Required Default Description
name string Yes --- The name of the variable.
value any Yes --- The value to set in the variable, simple, array, query or structure.
expires numeric No 0 Cookie Expire in number of days. [default cookie is session only = 0 days]
secure boolean No false If browser does not support Secure Sockets Layer (SSL) security, the cookie is not sent. To use the cookie, the page must be accessed using the https protocol.
path string No URL, within a domain, to which the cookie applies; typically a directory. Only pages in this path can use the cookie. By default, all pages on the server that set the cookie can access the cookie.
domain string No Domain in which cookie is valid and to which cookie content can be sent from the user's system.

Examples

// set some cookies with complex data
data={
  userID = createUUID(),
  loggedInDate = now()
};
#getPlugin("CookieStorage").setVar(name="cookieInfo",value=data,expires=1,secure=true,domain="coldbox.org")#;

// Set a simple cookie
#getPlugin("CookieStorage").setVar(name="appID",value=hash(jsessionid))#;

getEncryptionKey

Get EncryptionKey

Returns

  • This function returns string

Examples

// Render the used encryption algorithm
#getPlugin("CookieStorage").getEncryptionAlgorithm()#;

getVar

Get a new permanent variable. If the cookie does not exist. The method returns blank.

Returns

  • This function returns any

Arguments

Key Type Required Default Description
name string Yes --- The variable name to retrieve.
default any No The default value to set. If not used, a blank is returned.

Examples

// Get the cookie variable
appId = getPlugin("CookieStorage").getVar("appID");

// Get the cookie with default
appId = getPlugin("CookieStorage").getVar("appID","");

setEncryptionAlgorithm

Set EncryptionAlgorithm

Returns

  • This function returns void

Arguments

Key Type Required Default Description
EncryptionAlgorithm string Yes ---

Examples

// Set a new encryption algorithm
getPlugin("CookieStorage").setEncryptionAlgorithm("RSASSA-PSS");

setEncryptionEncoding

Set EncryptionEncoding

Returns

  • This function returns void

Arguments

Key Type Required Default Description
EncryptionEncoding string Yes ---

Examples

// Set a new encryption algorithm
getPlugin("CookieStorage").setEncryptionEncoding("Base64");

getEncryptionEncoding

Get EncryptionEncoding

Returns

  • This function returns string

Examples

// Render the encryption encoding used
#getPlugin("CookieStorage").getEncryptionEncoding()#

getEncryption

Get Encryption

Returns

  • This function returns boolean

Examples

// Boolean that tells you if encryption is active or not
Encryption active: #getPlugin("CookieStorage").getEncryption()#

exists

Checks wether the permanent variable exists.

Returns

  • This function returns boolean

Arguments

Key Type Required Default Description
name string Yes --- The variable name to retrieve.

Examples

// Checks if a cookie exists
if( getPlugin("CookieStorage").exists("userPreferences") ){
  // recreate preferences
}

deleteVar

Tries to delete a permanent cookie var.

Returns

  • This function returns boolean

Arguments

Key Type Required Default Description
name string Yes --- The variable name to retrieve.
domain string No Domain in which cookie is valid and to which cookie content can be sent from the user's system.

Examples

// Remove user preferences 
getPlugin("CookieStorage").deleteVar("userPreferences");

setEncryption

Set Encryption

Returns

  • This function returns void

Arguments

Key Type Required Default Description
Encryption boolean Yes ---

Examples

// Activate cookie encryption
getPlugin("CookieStorage").setEncryption(true);

setEncryptionKey

Set EncryptionKey

Returns

  • This function returns void

Arguments

Key Type Required Default Description
EncryptionKey string Yes ---

Examples

// Set my app encryption key
getPlugin("CookieStorage").setEncryptionKey('MyAwesome Key #hash(now())#');

 
Download in other Formats:
markup Markup | pdf PDF | html HTML | word Word

comments Comments (0)


ColdBox Book

book

Purchase Books

Media

Social Media

Ortus Services

Contact Us

Copyright Ortus Solutions, Corp >> CodexWiki v0.5 Beta 2

Design By DT