summaryrefslogtreecommitdiff
path: root/framework/Web
diff options
context:
space:
mode:
Diffstat (limited to 'framework/Web')
-rw-r--r--framework/Web/THttpRequest.php11
-rw-r--r--framework/Web/THttpResponse.php4
2 files changed, 4 insertions, 11 deletions
diff --git a/framework/Web/THttpRequest.php b/framework/Web/THttpRequest.php
index 26e57e5b..a0fa50e4 100644
--- a/framework/Web/THttpRequest.php
+++ b/framework/Web/THttpRequest.php
@@ -83,7 +83,7 @@ class THttpRequest extends TMap implements IModule
private $_urlFormat='Get';
private $_services;
private $_requestResolved=false;
- private $_enableCookieValidation=true;
+ private $_enableCookieValidation=false;
/**
* @var string request URL
*/
@@ -357,7 +357,7 @@ class THttpRequest extends TMap implements IModule
}
/**
- * @return boolean whether cookies should be validated. Defaults to true.
+ * @return boolean whether cookies should be validated. Defaults to false.
*/
public function getEnableCookieValidation()
{
@@ -382,16 +382,11 @@ class THttpRequest extends TMap implements IModule
$this->_cookies=new THttpCookieCollection;
if($this->getEnableCookieValidation())
{
- $sig=$this->getUserHostAddress().$this->getUserAgent();
$sm=$this->getApplication()->getSecurityManager();
foreach($_COOKIE as $key=>$value)
{
if(($value=$sm->validateData($value))!==false)
- {
- $v=unserialize($value);
- if(isset($v[0]) && isset($v[1]) && $v[0]===$sig)
- $this->_cookies->add(new THttpCookie($key,$v[1]));
- }
+ $this->_cookies->add(new THttpCookie($key,$value));
}
}
else
diff --git a/framework/Web/THttpResponse.php b/framework/Web/THttpResponse.php
index 5fed2167..1607b9d5 100644
--- a/framework/Web/THttpResponse.php
+++ b/framework/Web/THttpResponse.php
@@ -352,9 +352,7 @@ class THttpResponse extends TModule implements ITextWriter
$request=$this->getRequest();
if($request->getEnableCookieValidation())
{
- $sig=$request->getUserHostAddress().$request->getUserAgent();
- $data=serialize(array($sig,$cookie->getValue()));
- $value=$this->getApplication()->getSecurityManager()->hashData($data);
+ $value=$this->getApplication()->getSecurityManager()->hashData($cookie->getValue());
setcookie($cookie->getName(),$value,$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
}
else