Use HMAC construction for remember me cookie hashes

author: Jon Cave <jon@joncave.co.uk> 2013-06-04 16:50:20 +0100
committer: Fabien Potencier <fabien.potencier@gmail.com> 2013-07-21 21:35:20 +0200
commit: ec4458630f6022561f9fcbfc0dc187f746f07170 (patch)
tree: c38e007fcb39043bce0d607ab2f2f7d60b0f3385
parent: 710089319e7e5fa16c5b5654e17da5c5a0e02fe4 (diff)
download: symfony-security-ec4458630f6022561f9fcbfc0dc187f746f07170.zip
symfony-security-ec4458630f6022561f9fcbfc0dc187f746f07170.tar.gz
symfony-security-ec4458630f6022561f9fcbfc0dc187f746f07170.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/Http/RememberMe/TokenBasedRememberMeServices.php b/Http/RememberMe/TokenBasedRememberMeServices.php
index 5a66fe4..995b6f6 100644
--- a/Http/RememberMe/TokenBasedRememberMeServices.php
+++ b/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -147,6 +147,6 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
      */
     protected function generateCookieHash($class, $username, $expires, $password)
     {
-        return hash('sha256', $class.$username.$expires.$password.$this->getKey());
+        return hash_hmac('sha256', $class.$username.$expires.$password, $this->getKey());
     }
 }
author	Jon Cave <jon@joncave.co.uk>	2013-06-04 16:50:20 +0100
committer	Fabien Potencier <fabien.potencier@gmail.com>	2013-07-21 21:35:20 +0200
commit	ec4458630f6022561f9fcbfc0dc187f746f07170 (patch)
tree	c38e007fcb39043bce0d607ab2f2f7d60b0f3385
parent	710089319e7e5fa16c5b5654e17da5c5a0e02fe4 (diff)
download	symfony-security-ec4458630f6022561f9fcbfc0dc187f746f07170.zip symfony-security-ec4458630f6022561f9fcbfc0dc187f746f07170.tar.gz symfony-security-ec4458630f6022561f9fcbfc0dc187f746f07170.tar.bz2