Merge branch '3.4' into 4.2
* 3.4: [Security] Add a separator in the remember me cookie hash
This commit is contained in:
commit
abd8b954f4
|
@ -122,6 +122,6 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
|
|||
*/
|
||||
protected function generateCookieHash($class, $username, $expires, $password)
|
||||
{
|
||||
return hash_hmac('sha256', $class.$username.$expires.$password, $this->getSecret());
|
||||
return hash_hmac('sha256', $class.self::COOKIE_DELIMITER.$username.self::COOKIE_DELIMITER.$expires.self::COOKIE_DELIMITER.$password, $this->getSecret());
|
||||
}
|
||||
}
|
||||
|
|
Reference in New Issue