$hasValidSessionCookie = false;
if (!empty($_COOKIE[COOKIE_PREFIX."user_session"])) {
$cookieValue = CryptoUtil::getValueFromSignedString($_COOKIE[COOKIE_PREFIX."user_session"]);
- if ($cookieValue && \mb_strlen($cookieValue, '8bit') === 26) {
+ if ($cookieValue && \mb_strlen($cookieValue, '8bit') === 22) {
$sessionID = \bin2hex(\mb_substr($cookieValue, 1, 20, '8bit'));
if ($sessionID === WCF::getSession()->sessionID) {
$hasValidSessionCookie = true;
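Review bot: The inline parse checks only the total length and never inspects the version byte at offset 0 before taking `\mb_substr($cookieValue, 1, 20, '8bit')`, whereas the parser touched later in this commit branches on `$version === 1`. The literals 22, 1 and 20 also have to be kept in step by hand with the `'CA20C'` pack format, which is why this commit has to edit the same number in several places. I would add `&& \ord($cookieValue[0]) === 1` to the length condition and a comment such as `// layout: version (1 byte), raw session id (20 bytes), timestep (1 byte)`, or reuse the shared cookie parser if it is reachable from here. The surrounding `if` block continues past the end of this hunk.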
"user_session",
CryptoUtil::createSignedString(
\pack(
- 'CA20CN',
+ 'CA20C',
1,
\hex2bin(WCF::getSession()->sessionID),
- 0,
- WCF::getUser()->userID
+ 0
)
)
);
}
if ($version === 1) {
- if ($length !== 26) {
+ if ($length !== 22) {
throw new \InvalidArgumentException(\sprintf(
- 'Expected exactly 26 Bytes, %d given.',
+ 'Expected exactly 22 Bytes, %d given.',
$length
));
}
- $data = \unpack('Cversion/A20sessionId/Ctimestep/NuserId', $value);
+ $data = \unpack('Cversion/A20sessionId/Ctimestep', $value);
$data['sessionId'] = Hex::encode($data['sessionId']);
return $data;
}
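Review bot: `A20sessionId` in the `\unpack()` format strips trailing spaces, tabs, newlines, carriage returns and NUL bytes from the field, so a raw session id that happens to end in one of those bytes comes back shorter than 20 bytes and `Hex::encode()` then yields an id that cannot match the stored one. The field is binary, so the non-stripping code fits better: `$data = \unpack('Cversion/a20sessionId/Ctimestep', $value);`. The `'CA20C'` pack calls are not affected as long as the decoded session id is always exactly 20 bytes, which the length check suggests but this diff does not show. The function containing this branch starts and ends outside the hunk.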
return CryptoUtil::createSignedString(\pack(
- 'CA20CN',
+ 'CA20C',
1,
Hex::decode($this->sessionID),
- $this->getCookieTimestep(),
- $this->user->userID ?: 0
+ $this->getCookieTimestep()
));
}
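Review bot: The cookie layout shrinks from 26 to 22 bytes, but the leading version byte is still packed as `1`, so a cookie issued before this change is a version-1 value that the parser now rejects with `InvalidArgumentException` ('Expected exactly 22 Bytes'). If such cookies can exist on deployed installations, either write `2` for the new layout and keep a version-1 branch, or confirm that the parser's caller treats the exception as "no valid session" and does not surface it as an error; that caller is not visible in this diff. A comment above the `\pack()` call naming the fields, e.g. `// version (C), raw session id (A20), timestep (C) = 22 bytes`, would document where the expected length comes from.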
$cookieData = $this->getParsedCookieData();
- // No refresh is needed if userId and timestep match up.
- if (
- $cookieData['userId'] === $this->user->userID &&
- $cookieData['timestep'] === $this->getCookieTimestep()
- ) {
+ // No refresh is needed if the timestep matches up.
+ if ($cookieData['timestep'] === $this->getCookieTimestep()) {
return;
}