From f7bb5de804f726599c489ca42098841f7475cd06 Mon Sep 17 00:00:00 2001
From: Jon Cave <jon@joncave.co.uk>
Date: Tue, 4 Jun 2013 16:50:20 +0100
Subject: [PATCH] Use HMAC construction for remember me cookie hashes

---
 .../Security/Http/RememberMe/TokenBasedRememberMeServices.php   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
index 5a66fe4539..995b6f6ef4 100644
--- a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
+++ b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -147,6 +147,6 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
      */
     protected function generateCookieHash($class, $username, $expires, $password)
     {
-        return hash('sha256', $class.$username.$expires.$password.$this->getKey());
+        return hash_hmac('sha256', $class.$username.$expires.$password, $this->getKey());
     }
 }