Skip to content
This repository has been archived by the owner on Jul 24, 2023. It is now read-only.

Timestamp not included in memcached-Nonce-Store #57

Closed
rkarge opened this issue Aug 19, 2011 · 1 comment
Closed

Timestamp not included in memcached-Nonce-Store #57

rkarge opened this issue Aug 19, 2011 · 1 comment

Comments

@rkarge
Copy link

rkarge commented Aug 19, 2011

When using memcached as store for nonces only the salt is included so that the nonce might not be unique any more if an implementation (e.g. openid4java standard implementation) uses the timestamp followed by a counter.

return $this->connection->add(
'openid_nonce_' . sha1($server_url) . '_' . sha1($salt),
1, // any value here
$this->compress,
$Auth_OpenID_SKEW);

could be modified to:

return $this->connection->add(
'openid_nonce_' . sha1($server_url) . '_' . sha1($timestamp.$salt),
1, // any value here
$this->compress,
$Auth_OpenID_SKEW);

to fix that in Auth/OpenID/MemcachedStore.php
@timcappalli
Copy link
Member

This repo is being archived. Closing issue.

@timcappalli timcappalli closed this as not planned Won't fix, can't repro, duplicate, stale Jul 24, 2023
@pbrooks pbrooks mentioned this issue Jul 24, 2023
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rkarge @timcappalli