From e56342d98e1b52044e48af5dd8f228d3e9a9b4f9 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Wed, 14 Oct 2020 17:12:57 +0200
Subject: [PATCH] Reduce the size of the session cookie
Send the raw bytes representing the session ID instead of the hexadecimal encoding.
---
 .../system/package/PackageInstallationDispatcher.class.php | 2 +-
 .../install/files/lib/system/session/SessionHandler.class.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/wcfsetup/install/files/lib/system/package/PackageInstallationDispatcher.class.php b/wcfsetup/install/files/lib/system/package/PackageInstallationDispatcher.class.php
index 857e4c4699..8effba9147 100644
--- a/wcfsetup/install/files/lib/system/package/PackageInstallationDispatcher.class.php
+++ b/wcfsetup/install/files/lib/system/package/PackageInstallationDispatcher.class.php
@@ -238,7 +238,7 @@ class PackageInstallationDispatcher {
 define('SIGNATURE_SECRET', $signatureSecret);
 HeaderUtil::setCookie(
 "acp_session",
- CryptoUtil::createSignedString(WCF::getSession()->sessionID)
+ CryptoUtil::createSignedString(\hex2bin(WCF::getSession()->sessionID))
 );
 if (WCF::getSession()->getVar('__wcfSetup_developerMode')) {
diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
index 100f80f7b8..91508b2366 100644
--- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
@@ -202,7 +202,7 @@ final class SessionHandler extends SingletonFactory {
 return $_COOKIE[$cookieName];
 }
- return CryptoUtil::getValueFromSignedString($_COOKIE[$cookieName]);
+ return \bin2hex(CryptoUtil::getValueFromSignedString($_COOKIE[$cookieName]));
 }
 return null;
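Review bot: In PackageInstallationDispatcher.class.php the result of `\hex2bin(WCF::getSession()->sessionID)` goes straight into `CryptoUtil::createSignedString()` without a check, and `hex2bin()` returns `false` with a warning when its input has odd length or contains a non-hexadecimal character. Session IDs are presumably always generated as even-length hex, so this should not trigger in practice, but if it ever did the cookie would carry a signed value that no longer identifies the session. Decoding into a variable first and failing loudly keeps that case visible: `$rawID = \hex2bin(WCF::getSession()->sessionID);` followed by `if ($rawID === false) { throw new \UnexpectedValueException('session ID is not hexadecimal'); }`. The same unchecked `\hex2bin($sessionID)` appears in the second SessionHandler hunk (`@@ -216,7 +216,7 @@`); the enclosing methods begin and end outside both hunks.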
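Review bot: In SessionHandler.class.php (`@@ -202,7 +202,7 @@`) the new `\bin2hex(...)` wraps the return value of `CryptoUtil::getValueFromSignedString($_COOKIE[$cookieName])`, so whatever that helper returns for a cookie with a bad or missing signature is now converted instead of being passed through. Its definition is not part of this diff; if it signals failure with `null` or `false`, then depending on the PHP version and `strict_types` the method would return an empty string or raise a `TypeError`, where callers previously received the failure value for untrusted cookie input. Checking before encoding preserves the old contract: `$value = CryptoUtil::getValueFromSignedString($_COOKIE[$cookieName]);`, `if (!\is_string($value)) { return null; }`, `return \bin2hex($value);`. Cookies issued before this change hold a signed hexadecimal ID and would come back hex-encoded a second time; presumably such values are simply treated as unknown sessions, but that is worth confirming. The enclosing method starts and ends outside the hunk.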
@@ -216,7 +216,7 @@ final class SessionHandler extends SingletonFactory {
 return $sessionID;
 }
- return CryptoUtil::createSignedString($sessionID);
+ return CryptoUtil::createSignedString(\hex2bin($sessionID));
 }
 /**
--
2.20.1