From a29ce2817cf43bb1850cf6af114004ac26c7a081 Mon Sep 17 00:00:00 2001
From: Pascal Borreli <pascal@borreli.com>
Date: Sat, 6 Apr 2019 11:40:18 +0100
Subject: [PATCH] [Security] Add a separator in the remember me cookie hash

---
 .../Security/Http/RememberMe/TokenBasedRememberMeServices.php   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
index 48d88e5730..9522113339 100644
--- a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
+++ b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -120,6 +120,6 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
      */
     protected function generateCookieHash($class, $username, $expires, $password)
     {
-        return hash_hmac('sha256', $class.$username.$expires.$password, $this->getSecret());
+        return hash_hmac('sha256', $class.self::COOKIE_DELIMITER.$username.self::COOKIE_DELIMITER.$expires.self::COOKIE_DELIMITER.$password, $this->getSecret());
     }
 }