Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Session: cookie adapter with hmac strategy fails after write #20

daschl opened this Issue · 0 comments

2 participants


This ticket has been moved vom to here (originally reported by scoates).

What happened:

  • HMAC tampering RuntimeException after a Session::write()

What was expected:

  • the signature cookie should change to reflect the new data after a Session::write()

Reproduce code (controller; run this twice from the same browser session):

try {
    $read = Session::read('t');
} catch (MissingSignatureException $e) {
    // ignore; we're starting a new session
    $read = false;
if (!$read) {
    Session::write('t', time());
@jperras jperras was assigned
@daschl daschl referenced this issue from a commit
@daschl daschl Sesssion: Fixing HMAC key bug #20. Added test cases.
Now the hmac signature is correctly calculated if a new value with the same key is inserted again.
@daschl daschl closed this
@daschl daschl was assigned
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.