authorDerek Allard <derek.allard@ellislab.com>2008-03-18 01:01:52 +0100
committerDerek Allard <derek.allard@ellislab.com>2008-03-18 01:01:52 +0100
commit9c4280be80f1f0ad4011ca1ae4f05c89e7963bb9 (patch)
tree239340c5909db6347254e6fe08b3f5d1b9a40344 /system/libraries/Session.php
parent6ef8b69b80093bf706d29df28d108f77acbf9dc0 (diff)
added hashing to prevent client side data tampering to sessions
Diffstat (limited to 'system/libraries/Session.php')
-rw-r--r--system/libraries/Session.php20
1 files changed, 20 insertions, 0 deletions
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 2cdd50c23..afa43348e 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -196,7 +196,22 @@ class CI_Session {
{
$session = $this->CI->encrypt->decode($session);
}
+ else
+ {
+ // encryption was not used, so we need to check the md5 hash
+ $hash = substr($session, strlen($session)-32); // get last 32 chars
+ $session = substr($session, 0, strlen($session)-32);
+ // Does the md5 hash match? This is to prevent manipulation of session data
+ // in userspace
+ if ($hash !== md5($session.$this->CI->config->item('encryption_key')))
+ {
+ log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
+ $this->sess_destroy();
+ return FALSE;
+ }
+ }
+
$session = @unserialize($this->strip_slashes($session));
if ( ! is_array($session) OR ! isset($session['last_activity']))
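Review bot: The tamper check in the new `else` branch compares `$hash !== md5($session.$this->CI->config->item('encryption_key'))`, which is a hand-rolled keyed hash on MD5 with a comparison that is not constant-time. A standard MAC is the safer construction: `$expected = hash_hmac('sha256', $session, $key);` followed by `if ( ! hash_equals($expected, $hash))`, where `$key` is the configured `encryption_key` and the supported PHP versions provide both functions. The digest would then be 64 hex characters, so the two `32` offsets in the `substr()` calls and the matching `md5()` call in the cookie-writing hunk (`@@ -284,6 +299,11 @@`) have to change together. This check is the only gate before the `@unserialize()` on the context line that follows, so its strength decides whether client-supplied data reaches that call. The enclosing method starts and ends outside the hunk.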
@@ -284,6 +299,11 @@ class CI_Session {
{
$cookie_data = $this->CI->encrypt->encode($cookie_data);
}
+ else
+ {
+ // if encryption is not used, we provide an md5 hash to prevent userside tampering
+ $cookie_data = $cookie_data . md5($cookie_data.$this->CI->config->item('encryption_key'));
+ }
setcookie(
$this->sess_cookie,
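Review bot: The hash appended in the new `else` branch is keyed with `$this->CI->config->item('encryption_key')` without any check that a key is actually configured. If that item is empty or unset, the suffix reduces to `md5($cookie_data)`, which a client can recompute after editing the cookie, so the verification added in the first hunk (`@@ -196,7 +196,22 @@`) would accept modified data. I would test the key before use and log an error when it is missing, for example `if ($this->CI->config->item('encryption_key') == '') { log_message('error', 'Session hashing requires encryption_key to be set.'); }`, and state the requirement in the comment above the `md5()` line. The enclosing method starts and ends outside the hunk, so the right place to bail out is not visible here.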