From be788ba986406c554f0746697bd9fe97a2c0f6f2 Mon Sep 17 00:00:00 2001
From: xue <>
Date: Mon, 13 Feb 2006 02:49:38 +0000
Subject: Removed host address and user agent from cookie validation information.
---
 framework/Web/THttpRequest.php | 11 +++--------
 framework/Web/THttpResponse.php | 4 +---
 2 files changed, 4 insertions(+), 11 deletions(-)
diff --git a/framework/Web/THttpRequest.php b/framework/Web/THttpRequest.php
index 26e57e5b..a0fa50e4 100644
--- a/framework/Web/THttpRequest.php
+++ b/framework/Web/THttpRequest.php
@@ -83,7 +83,7 @@ class THttpRequest extends TMap implements IModule
 private $_urlFormat='Get';
 private $_services;
 private $_requestResolved=false;
- private $_enableCookieValidation=true;
+ private $_enableCookieValidation=false;
 /**
 * @var string request URL
 */
@@ -357,7 +357,7 @@ class THttpRequest extends TMap implements IModule
 }
 /**
- * @return boolean whether cookies should be validated. Defaults to true.
+ * @return boolean whether cookies should be validated. Defaults to false.
 */
 public function getEnableCookieValidation()
 {
@@ -382,16 +382,11 @@ class THttpRequest extends TMap implements IModule
 $this->_cookies=new THttpCookieCollection;
 if($this->getEnableCookieValidation())
 {
- $sig=$this->getUserHostAddress().$this->getUserAgent();
 $sm=$this->getApplication()->getSecurityManager();
 foreach($_COOKIE as $key=>$value)
 {
 if(($value=$sm->validateData($value))!==false)
- {
- $v=unserialize($value);
- if(isset($v[0]) && isset($v[1]) && $v[0]===$sig)
- $this->_cookies->add(new THttpCookie($key,$v[1]));
- }
+ $this->_cookies->add(new THttpCookie($key,$value));
 }
 }
 else
diff --git a/framework/Web/THttpResponse.php b/framework/Web/THttpResponse.php
index 5fed2167..1607b9d5 100644
--- a/framework/Web/THttpResponse.php
+++ b/framework/Web/THttpResponse.php
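Review bot: Cookie integrity checking becomes opt-in with the new default `private $_enableCookieValidation=false;` in the first THttpRequest.php hunk, yet the commit subject only speaks of dropping host address and user agent from the signed data. An application that relied on the old default will, after upgrading, presumably take the `else` branch of the cookie loader (its body is outside the visible hunks) and accept cookie values with no tamper check unless it sets the property explicitly. If the flip is intended, the docblock changed in the following hunk should state the consequence, for example `@return boolean whether cookies should be validated. Defaults to false, i.e. cookie values are accepted without an integrity check.` The class body continues outside both hunks.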
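Review bot: The signature is not bound to the cookie name: in the `@@ -382,16 +382,11 @@` hunk `validateData($value)` never sees `$key`, and the matching write in the THttpResponse.php hunk signs only `$cookie->getValue()`. As far as these lines show, a value signed for one cookie would also validate when sent back under a different cookie name. Including the name in the signed data on write, e.g. `->hashData($cookie->getName().'='.$cookie->getValue())`, and on read accepting the validated data only when it starts with `$key.'='` before stripping that prefix, would bind the two together. Dropping `unserialize()` from this path is a good change. How `hashData`/`validateData` build the MAC is not visible here, and the enclosing method starts and ends outside the hunk.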
@@ -352,9 +352,7 @@ class THttpResponse extends TModule implements ITextWriter
 $request=$this->getRequest();
 if($request->getEnableCookieValidation())
 {
- $sig=$request->getUserHostAddress().$request->getUserAgent();
- $data=serialize(array($sig,$cookie->getValue()));
- $value=$this->getApplication()->getSecurityManager()->hashData($data);
+ $value=$this->getApplication()->getSecurityManager()->hashData($cookie->getValue());
 setcookie($cookie->getName(),$value,$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
 }
 else
-- 
cgit v1.2.3
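Review bot: Nothing in the signed data limits how long a signed cookie stays acceptable. `hashData($cookie->getValue())` covers the value alone, and `$cookie->getExpire()` is handed only to `setcookie()`, so expiry is enforced by the browser rather than by the server. With the host-address and user-agent binding gone, a signed value that leaks keeps passing `validateData()` until the signing key changes, assuming `hashData` adds no timestamp of its own (not visible here). At minimum, document the contract above the new line: `// signature covers the value only; expiry and client are not bound, so a validated cookie is authentic but not necessarily fresh`. The enclosing method starts and ends outside the hunk.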