Ticket 533: Dots aren't allowed in cookie name - FluxBB core

Download

Tickets

Milestones

Subscribe 3

Ticket #533 (fixed bug)

Dots aren't allowed in cookie name

Created: 2011-11-06 09:35:02
Reported by: daris
Assigned to: Reines

Milestone: 2.0-alpha1
Component: authentication
Priority: normal

Branch: fluxbb-2.0-sessions

The install.php script generates unique cookie name:

	// Add some random bytes at the end of the cookie name to prevent collisions
	$cookie_name = 'pun_cookie_'.PasswordHash::random_key(6);

But the PasswordHash::random_key can return a dot character (eg. pun_cookie_u9B.rE) which is not allowed in cookie name. This way you won't be able to login as that cookie doesn't exist.

BTW You should add a new ticket component -> sessions

History

daris 2011-11-06 09:35:52

Milestone set to 2.0-alpha1.

Franz 2011-11-15 10:12:39

Owner set to Reines.

Also, are slashes allowed?

daris 2011-11-15 10:15:25

I put a slash into $cookie_name and I'm able to login so it's allowed

Reines 2012-01-07 16:16:38

Commit ec783b3 to fluxbb fluxbb-2.0-sessions

Don't use periods or slashes in cookie name. #533

Reines 2012-01-07 16:18:04

Status changed from open to fixed.

Done: https://github.com/fluxbb/fluxbb/commit … 2b7f444f9b