author | Derek Allard <derek.allard@ellislab.com> | 2008-03-18 01:01:52 +0100 |
---|---|---|
committer | Derek Allard <derek.allard@ellislab.com> | 2008-03-18 01:01:52 +0100 |
commit | 9c4280be80f1f0ad4011ca1ae4f05c89e7963bb9 (patch) | |
tree | 239340c5909db6347254e6fe08b3f5d1b9a40344 /system | |
parent | 6ef8b69b80093bf706d29df28d108f77acbf9dc0 (diff) |
added hashing to prevent client-side tampering with session cookie data
Diffstat (limited to 'system')
-rw-r--r-- | system/libraries/Session.php | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 2cdd50c23..afa43348e 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -196,7 +196,22 @@ class CI_Session {
{
$session = $this->CI->encrypt->decode($session);
}
+ else
+ {
+ // encryption was not used, so we need to check the md5 hash
+ $hash = substr($session, strlen($session)-32); // get last 32 chars
+ $session = substr($session, 0, strlen($session)-32);
+ // Does the md5 hash match? This is to prevent manipulation of session data
+ // in userspace
+ if ($hash !== md5($session.$this->CI->config->item('encryption_key')))
+ {
+ log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
+ $this->sess_destroy();
+ return FALSE;
+ }
+ }
+
$session = @unserialize($this->strip_slashes($session));
if ( ! is_array($session) OR ! isset($session['last_activity']))
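Review bot: The integrity check on the new line `if ($hash !== md5($session.$this->CI->config->item('encryption_key')))` uses a bare `md5(data . key)` construction rather than a keyed MAC; MD5 collisions were already practical in 2008, and two colliding payloads would verify under the same key, so both this line and the matching write in the second hunk should use `hash_hmac('sha1', $session, $this->CI->config->item('encryption_key'))` (available since PHP 5.1.2; if PHP 4 support is still required, an HMAC fallback is needed). The `!==` comparison is not constant-time, a lesser concern for a 32-character hex digest but worth noting since the comparison guards an authentication token. There is also no guard for a cookie shorter than 32 bytes: `substr($session, strlen($session)-32)` with a negative start returns the whole value and the remainder becomes empty, which fails only incidentally, so add `if (strlen($session) <= 32) { $this->sess_destroy(); return FALSE; }` before the two `substr` calls so the malformed case fails explicitly. Nothing in the hunk shows `encryption_key` being required, and if it is unset or empty the check degenerates to `md5($session)`, which any client can recompute to forge the still-`unserialize`d payload — confirm the library enforces a non-empty key before relying on this. The enclosing method starts and ends outside the hunk.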
@@ -284,6 +299,11 @@ class CI_Session {
{
$cookie_data = $this->CI->encrypt->encode($cookie_data);
}
+ else
+ {
+ // if encryption is not used, we provide an md5 hash to prevent userside tampering
+ $cookie_data = $cookie_data . md5($cookie_data.$this->CI->config->item('encryption_key'));
+ }
setcookie(
$this->sess_cookie,