diff options
| author | Christian Schneider | 2020-05-06 14:10:40 +0200 |
|---|---|---|
| committer | Christian Schneider | 2020-05-06 14:10:40 +0200 |
| commit | c230360afbb9406ab239dbacd1181c149f9aa628 (patch) | |
| tree | c2f10abe40b5c5dd830cbadfe8fba7404ec37820 /it_session.class | |
| parent | 102778b78bd38b857b2bab7d23d949d7423d55f3 (diff) | |
| download | itools-c230360afbb9406ab239dbacd1181c149f9aa628.tar.gz itools-c230360afbb9406ab239dbacd1181c149f9aa628.tar.bz2 itools-c230360afbb9406ab239dbacd1181c149f9aa628.zip | |
Use random_bytes() instead of uniqid() now that we require PHP 7.0 for itools
Diffstat (limited to 'it_session.class')
| -rw-r--r-- | it_session.class | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/it_session.class b/it_session.class index af26082..e8c856c 100644 --- a/it_session.class +++ b/it_session.class @@ -161,7 +161,7 @@ function set_valid($valid = true, $login_identifier_required = false, $login_ide } else { - $this->cookie = md5(uniqid(rand())); /* random garbage */ + $this->cookie = bin2hex(random_bytes(16)); /* random garbage */ $result = !$valid; /* Setting to invalid succeeded or setting to valid failed */ } @@ -189,7 +189,7 @@ function create_login_identifier() { if (!$this->cookie) { - $this->cookie = md5(uniqid(rand())); /* random garbage */ + $this->cookie = bin2hex(random_bytes(16)); /* random garbage */ it::setcookie($this->cookiename, $this->cookie, [ 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'path' => "/", 'domain' => $this->domain, 'secure' => $this->ssl, 'httponly' => true, 'samesite' => _IT_USER_COOKIE_SAMESITE ]); } |