Client-side PHP Sessions

ClientSideSessionHandler.php

<?php
class ClientSideSessionHandler implements SessionHandlerInterface
{
    const SESSION_COOKIE_NAME = 'data';
    
    private $cryptor;
    private $cookieJar;
    private $encryptionKey;
    private $signingKey;
    
    public function __construct(Cryptor $cryptor, CookieJar $cookieJar, $encryptionKey, $signingKey)
    {
	$this->cryptor = $cryptor;
	$this->cookieJar = $cookieJar;
	$this->encryptionKey = $encryptionKey;
        $this->signingKey = $signingKey;
    }
    
    public function open($savePath, $sessionName)
    {
	return true;
    }
    
    public function close()
    {
	return true;
    }
    
    public function read($id)
    {
	$data = $this->cookieJar->get( static::SESSION_COOKIE_NAME );
	if( !$this->cryptor->verify( $data, $this->signingKey ) ) { 
	    throw new SessionAuthenticationException('Session cookie signature mismatch.');
	}
	
	return $this->cryptor->decrypt( $data, $this->encryptionKey );
    }
    
    public function write($id, $data)
    {
	$data = $this->cryptor->sign( $this->cryptor->encrypt( $data, $this->encryptionKey ), $this->signingKey );
	$this->cookieJar->set( static::SESSION_COOKIE_NAME, $data );
	
	return true;
    }
    
    public function destroy($id)
    {
	$this->cookieJar->remove( static::SESSION_COOKIE_NAME );
	return true;
    }
    
    public function gc($maxlifetime)
    {
	return true;
    }
}

CookieJar.php

<?php
interface CookieJar
{
    function get($cookiename);
    function set($cookiename, $value);
    function remove($cookiename);
}

Cryptor.php

<?php
interface Cryptor
{
    function encrypt($blob, $key);
    function decrypt($blob, $key);
    function verify($blob, $key);
    function sign($blob, $key);
}

SessionAuthenticationException.php

<?php
class SessionAuthenticationException extends RuntimeException {}