diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Security] Add a separator in the remember me cookie hash

Browse Source
This commit is contained in:
Pascal Borreli 2019-04-06 11:40:18 +01:00 committed by MichaelC
parent 3e0b2354db
commit a29ce2817c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
View File

@ -120,6 +120,6 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
*/ */
protected function generateCookieHash($class, $username, $expires, $password) protected function generateCookieHash($class, $username, $expires, $password)
{ {
return hash_hmac('sha256', $class.$username.$expires.$password, $this->getSecret()); return hash_hmac('sha256', $class.self::COOKIE_DELIMITER.$username.self::COOKIE_DELIMITER.$expires.self::COOKIE_DELIMITER.$password, $this->getSecret());
} }
} }