mirror of
https://github.com/znc/znc.git
synced 2026-03-28 17:42:41 +01:00
cbb6e14c3a
We now use a lot more data for generating the session id which is fed to a hash to make it impossible to attack specific parts of the input. Also we now retry generating a new session id in the (improbable) case of collision with an existing session id. Thanks a lot to cnu for pointing out the weakness in the old code by stealing my session cookie, you evil hacker! git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1819 726aef4b-f618-498e-8847-2d620e286838
18 KiB
18 KiB