[eluser]Byrro[/eluser]
Actually, I´ve found out a problem:
In the function _set_cookie of the Session class, we have this code:
Code:
if ($this->sess_encrypt_cookie == TRUE)
{
$cookie_data = $this->CI->encrypt->encode($cookie_data);
}
In the encryption class, the function encode is written this way:
Code:
function encode($string, $key = '')
{
$key = $this->get_key($key);
$enc = $this->_xor_encode($string, $key);
if ($this->_mcrypt_exists === TRUE)
{
$enc = $this->mcrypt_encode($enc, $key);
}
return base64_encode($enc);
}
The problem is: the Session class calls the Encryption´s method "encode" without passing the second parameter. The encode method then looks first in the Encrypttion class constructor, which sets, by default, the encryption_key to empty string. Then it looks in the config file. So, It doesn´t matter if you set an encryption_key inside the Session class, it will always use the key set in the config file.
To workaround this problem, we have two ways: set a default encryption_key in the Encryption class, or pass the second parameter to the method encode. I´ve tested the first one and worked. Tried the second way (which is better, I think) but not successfully. Here´s the code I´m trying, in the Session class:
Code:
function CI_Session($params = array('encryption_key' => 'foobar'))
Code:
function _set_cookie($cookie_data = NULL)
{
(...)
if ($this->sess_encrypt_cookie == TRUE)
{
$cookie_data = $this->CI->encrypt->encode($cookie_data, $this->encryption_key);
}
Could someone please help me to get this working? Thank you!