You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 24, 2023. It is now read-only.
When using memcached as store for nonces only the salt is included so that the nonce might not be unique any more if an implementation (e.g. openid4java standard implementation) uses the timestamp followed by a counter.
return $this->connection->add(
'openid_nonce_' . sha1($server_url) . '_' . sha1($salt),
1, // any value here
$this->compress,
$Auth_OpenID_SKEW);
could be modified to:
return $this->connection->add(
'openid_nonce_' . sha1($server_url) . '_' . sha1($timestamp.$salt),
1, // any value here
$this->compress,
$Auth_OpenID_SKEW);
to fix that in Auth/OpenID/MemcachedStore.php
The text was updated successfully, but these errors were encountered:
When using memcached as store for nonces only the salt is included so that the nonce might not be unique any more if an implementation (e.g. openid4java standard implementation) uses the timestamp followed by a counter.
return $this->connection->add(
'openid_nonce_' . sha1($server_url) . '_' . sha1($salt),
1, // any value here
$this->compress,
$Auth_OpenID_SKEW);
could be modified to:
return $this->connection->add(
'openid_nonce_' . sha1($server_url) . '_' . sha1($timestamp.$salt),
1, // any value here
$this->compress,
$Auth_OpenID_SKEW);
to fix that in Auth/OpenID/MemcachedStore.php
The text was updated successfully, but these errors were encountered: