Ticket #533 (fixed bug)
Dots aren't allowed in cookie name
- Created: 2011-11-06 09:35:02
- Reported by: daris
- Assigned to: Reines
- Milestone: 2.0-alpha1
- Component: authentication
- Priority: normal
The install.php script generates unique cookie name:
// Add some random bytes at the end of the cookie name to prevent collisions $cookie_name = 'pun_cookie_'.PasswordHash::random_key(6);
But the PasswordHash::random_key can return a dot character (eg. pun_cookie_u9B.rE) which is not allowed in cookie name. This way you won't be able to login as that cookie doesn't exist.
BTW You should add a new ticket component -> sessions
daris 2011-11-06 09:35:52
- Milestone set to 2.0-alpha1.
Franz 2011-11-15 10:12:39
- Owner set to Reines.
Also, are slashes allowed?
daris 2011-11-15 10:15:25
I put a slash into $cookie_name and I'm able to login so it's allowed
Reines 2012-01-07 16:18:04
- Status changed from open to fixed.