vanilla forum cookie content denote what
deepus
echo $_COOKIE[$CookieName];
results '1-1369340879|74c5d8e6a60743f1df88e85cccc594a0|1366748879|1|1369340879'
each value denote what???
thanks for your reply.......
Comments
1 is userid
i think 74c5d8e6a60743f1df88e85cccc594a0 is hash
rest of them ???????
UserID-Expiration|HMAC|Timestamp|UserID|Expiration
http://en.wikipedia.org/wiki/Hash-based_message_authentication_code
So to explain it better: Gdn_CookieIdentity::SetCookie adds KeyData|HMAC|Timestamp and appends any cookie contents to the end, delimited by pipe. SetIdentity is only one possible use of SetCookie, and in that case it supplies virtually the same for the KeyData as the CookieContent.
The hash is salted and you can change the primary hash algorithm (md5 or sha1).
grep is your friend.
The data that is verified by HMAC is the KeyData. So in other words, not only is the cookie authenticated by hash, it verifies that the associated KeyData is correct and hasn't been tampered with.
grep is your friend.
thank you x00 for your valuable reply
function _Hash($Data, $CookieHashMethod, $CookieSalt)
what is $Data??? $Data is the data to place in the hash, means what????
Is this the $KeyData???
If you read http://en.wikipedia.org/wiki/Hash-based_message_authentication_code
Data is the message. In this case the message is KeyData (UserID-Expiration), but it could be anything. That function is just a wrapper, so as not to confuse generating the key with generating the final hash. So in the second pass you supply the generated key as the salt (not the saved salt).
grep is your friend.
got it thank you very much x00
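An added example, not part of the thread and not Vanilla's own code: a verifier for the cookie layout described above, assuming PHP's standard hash_hmac() for both passes of the key derivation x00 describes. The function names, the salt and the sample values are constructed for illustration.

```php
<?php
// Added example, not Vanilla's code. Layout and two-pass HMAC follow the thread;
// function names, salt and sample values are constructed for illustration.

function example_mac(string $keyData, string $algo, string $savedSalt): string
{
    // Pass 1: derive a key from KeyData and the saved salt.
    $derivedKey = hash_hmac($algo, $keyData, $savedSalt);
    // Pass 2: MAC KeyData with the derived key, not the saved salt.
    return hash_hmac($algo, $keyData, $derivedKey);
}

// Returns the authenticated user ID, or null if the cookie must be rejected.
function example_verify(string $cookie, string $algo, string $savedSalt, int $now): ?int
{
    $parts = explode('|', $cookie);
    if (count($parts) < 5) {
        return null;
    }
    [$keyData, $mac, $timestamp, $userId, $expiration] = $parts;

    // Constant-time comparison of the supplied MAC against the recomputed one.
    if (!hash_equals(example_mac($keyData, $algo, $savedSalt), $mac)) {
        return null;
    }
    // Only KeyData is covered by the MAC, so take the values from it and
    // require the unauthenticated trailing fields to agree.
    $kd = explode('-', $keyData, 2);
    if (count($kd) !== 2 || !ctype_digit($kd[0]) || !ctype_digit($kd[1])) {
        return null;
    }
    if ($kd[0] !== $userId || $kd[1] !== $expiration) {
        return null;
    }
    if ((int) $kd[1] <= $now) {
        return null; // assumption: Expiration is a Unix timestamp
    }
    return (int) $kd[0];
}

// Constructed sample data, shaped like the cookie in the question.
$salt = 'constructed-example-salt';
$keyData = '1-1369340879';
$good = implode('|', [$keyData, example_mac($keyData, 'md5', $salt), '1366748879', '1', '1369340879']);
$edited = str_replace('1-1369340879', '2-1369340879', $good);

var_dump(example_verify($good, 'md5', $salt, 1366748880));   // untouched cookie
var_dump(example_verify($edited, 'md5', $salt, 1366748880)); // KeyData changed without the salt
var_dump(example_verify($good, 'md5', $salt, 1369340880));   // checked after Expiration
```

Because the trailing UserID and Expiration fields sit outside the MAC, the verifier returns the user ID parsed from KeyData and treats any disagreement with the trailing copies as a rejection.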