Merge branch '4.2'

* 4.2: [Security] Add a separator in the remember me cookie hash
symfony · Apr 16, 2019 · 14ba16b · 14ba16b
2 parents 5d58307 + abd8b95
commit 14ba16b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -122,6 +122,6 @@ protected function generateCookieValue($class, $username, $expires, $password)
      */
     protected function generateCookieHash($class, $username, $expires, $password)
     {
-        return hash_hmac('sha256', $class.$username.$expires.$password, $this->getSecret());
+        return hash_hmac('sha256', $class.self::COOKIE_DELIMITER.$username.self::COOKIE_DELIMITER.$expires.self::COOKIE_DELIMITER.$password, $this->getSecret());
     }
 }