In codeigniter,
whenever a user is authenticated, I want to create a random session. This mechanism will be used to encrypt/decrypt the data between views-controllers. For example, I look to open a form as below:
<?php echo form_open('targetcontrollerfunction/'.encryptionfunction(data_to_be_secured)); ?>
Thus if anyone goes to inspect element, they is not able to understand the data that is being passed to the controller.
What I have tried:
I have gone through Codeigniter documentation and several articles on stackoverflow and google too. They suggest using encryption library to generate a random key and encrypt library to encode/decode the data using that key. But the challenge is that they want me to store the newly generated key in $config["encryption_key"]
Here the problem begins. In my Controller function I am validating the user account and setting some session variables. At the same time, I want random key to be generated so that the key is 100% unique for every user, but when I use the following code inside my controller function:
$randomkey=bin2hex($this->encryption->create_key(16));
$config["encryption_key"]=$randomkey;
$this->session->set_userdata('somekey', $this->encrypt->encode("somevalue"));
I also changed it to :
$randomkey=bin2hex($this->encryption->create_key(16));
$config=array(
'encryption_key'=>$randomkey
);
$this->encryption->initialize($config);
$this->session->set_userdata('somekey', $this->encrypt->encode("somevalue"));
I get an error:
In order to use the encryption class requires that you set an encryption key in your config file.
libraries cannot be loaded into config.php file, encryption_key cannot be set inside the controller, I am totally confused. What else is the way to generate a random key and use the same for every logged in session?
