Index: branches/5.3.x/core/kernel/session/session.php =================================================================== diff -u -N -r15580 -r15650 --- branches/5.3.x/core/kernel/session/session.php (.../session.php) (revision 15580) +++ branches/5.3.x/core/kernel/session/session.php (.../session.php) (revision 15650) @@ -1,6 +1,6 @@ CheckIfCookiesAreOn(); - if ($this->CookiesEnabled) $_COOKIE['cookies_on'] = 1; $this->Checkers = Array(); $this->InitStorage($special); @@ -383,14 +382,19 @@ $this->_autoGuessDomain(SERVER_NAME) ); + $cookie_hasher = $this->Application->makeClass('kCookieHasher'); + /* @var $cookie_hasher kCookieHasher */ + + $encrypted_value = $cookie_hasher->encrypt($name, $value); + foreach ($old_style_domains as $old_style_domain) { if ($this->CookieDomain != $old_style_domain) { // new style cookie domain -> delete old style cookie to prevent infinite redirect - setcookie($name, $value, adodb_mktime() - 3600, $this->CookiePath, $old_style_domain, $this->CookieSecure); + setcookie($name, $encrypted_value, adodb_mktime() - 3600, $this->CookiePath, $old_style_domain, $this->CookieSecure); } } - setcookie($name, $value, $expires, $this->CookiePath, $this->CookieDomain, $this->CookieSecure); + setcookie($name, $encrypted_value, $expires, $this->CookiePath, $this->CookieDomain, $this->CookieSecure); } function Check() @@ -653,14 +657,12 @@ { $this->SetCookie($this->CookieName, $this->SID, $this->Expiration); $this->SetCookie($this->CookieName.'_live', $this->SID); - $_COOKIE[$this->CookieName] = $this->SID; // for compatibility with in-portal } function RemoveSessionCookie() { $this->SetCookie($this->CookieName, ''); $this->SetCookie($this->CookieName.'_live', ''); - $_COOKIE[$this->CookieName] = null; // for compatibility with in-portal } /** @@ -1130,4 +1132,4 @@ return $ret; } -} \ No newline at end of file +}
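Review bot: Encrypting unconditionally changes what an empty value means in SetCookie: RemoveSessionCookie (the `@@ -653,14 +657,12 @@` hunk) still calls `$this->SetCookie($this->CookieName, '')`, and setcookie() treats an empty value as a delete request. If kCookieHasher::encrypt() returns non-empty output for `''` (its body is not shown here), the session cookie would be re-issued with ciphertext instead of being removed. Passing empty values through unchanged, e.g. `$encrypted_value = (string)$value === '' ? '' : $cookie_hasher->encrypt($name, $value);`, keeps removal working. Both rewritten setcookie() calls also still omit the httponly argument; since this method carries the session id, consider adding `true` as the seventh argument. The method begins above the hunk, so the default of `$expires` and the construction of `$old_style_domains` are not visible from here.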