Fork me on GitHub
Subscribe 3

Ticket #533 (fixed bug)

Dots aren't allowed in cookie name

  • Created: 2011-11-06 09:35:02
  • Reported by: daris
  • Assigned to: Reines
  • Milestone: 2.0-alpha1
  • Component: authentication
  • Priority: normal

Branch: fluxbb-2.0-sessions

The install.php script generates unique cookie name:

	// Add some random bytes at the end of the cookie name to prevent collisions
	$cookie_name = 'pun_cookie_'.PasswordHash::random_key(6);

But the PasswordHash::random_key can return a dot character (eg. pun_cookie_u9B.rE) which is not allowed in cookie name. This way you won't be able to login as that cookie doesn't exist.

BTW You should add a new ticket component -> sessions smile


daris 2011-11-06 09:35:52

  • Milestone set to 2.0-alpha1.

Franz 2011-11-15 10:12:39

  • Owner set to Reines.

Also, are slashes allowed?

daris 2011-11-15 10:15:25

I put a slash into $cookie_name and I'm able to login so it's allowed

Reines 2012-01-07 16:16:38

Commit ec783b3 to fluxbb fluxbb-2.0-sessions

Don't use periods or slashes in cookie name. #533

Reines 2012-01-07 16:18:04

  • Status changed from open to fixed.