Use HMAC construction for remember me cookie hashes

2013-06-04 16:50:20 +01:00 · 2013-06-04 16:50:20 +01:00 · f7bb5de804
parent 8b3d8c1bae
commit f7bb5de804
1 changed files with 1 additions and 1 deletions
--- a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
+++ b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
@ -147,6 +147,6 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
     */
    protected function generateCookieHash($class, $username, $expires, $password)
    {
-        return hash('sha256', $class.$username.$expires.$password.$this->getKey());
+        return hash_hmac('sha256', $class.$username.$expires.$password, $this->getKey());
    }
 }