Fix bug that causes PHP notice when no session cookie is passed from browser. |
|
over 12 years ago
|
Don't use the built-in session cookies. |
|
over 12 years ago
|
Since we set a session cookie on our session handler, disable the built-in cookies. |
|
over 12 years ago
|
Use default charset for random stuff. |
|
over 12 years ago
|
Updated default charset for random functions to include uppercase letters. |
|
over 12 years ago
|
Added back the regeneration of session encryption key. Issue not fixed but this is due to how PHP works. Not how phpSec works. As for now this closes #36. |
|
almost 13 years ago
|
#36 Some changes to the session hijacking protection of sessions. Instead of regenerating the encryption key we change the session ID. Also generate a stronger session encryption key. |
|
almost 13 years ago
|
Don't mess with user's encryption key. Fixes #37. |
|
almost 13 years ago
|
Partial solution for #36. This does not fix the problem, but should reduce the risk of it happening. |
|
almost 13 years ago
|
Use bigger charset with capital letters when generating Uid. |
|
almost 13 years ago
|
Don't hash Uid, to allow for longer Uids. |
|
almost 13 years ago
|
Create a PBKDF2 MAC to ensure message integrity in phpsecCrypt. This breaks compatibility with older versions of phpSec. |
|
almost 13 years ago
|
Close up libmcrypt after use. |
|
almost 13 years ago
|
Changed order of data in JSON string returned by phpsecCrypt::encrypt() |
|
almost 13 years ago
|
Encryption algorithm and mode now public static strings, allowing user to change if needed. Also changing algorithms now works. |
|
almost 13 years ago
|
Changed default encryption algorithm to RIJNDAEL-256. |
|
almost 13 years ago
|
Implement PBKDF2 as described in RFC 2898 to improve key generation (#35). |
|
almost 13 years ago
|
Renamed phpsec::f() to phpsec::t(), fixes #33. Added phpsec::f() as a simple XSS filter, fixes #34. |
|
almost 13 years ago
|
Removed phpsec.pgp.php as this will never be stable enough for production. |
|
almost 13 years ago
|
Improved phpSec::pwInject() method. Now injects the salt at a random position in the original password depending on what the password is. |
|
almost 13 years ago
|
Check User-Agent when starting sessions. Fixes #30. |
|
almost 13 years ago
|
Removed examples.php |
|
almost 13 years ago
|
Cleanup. |
|
almost 13 years ago
|
Generate new session encryption key for each request as a replacement for session_regenerate_id(). |
|
almost 13 years ago
|
Generate the secret inside the phpsecSession::setSecret() method. |
|
almost 13 years ago
|
Added phpsecSession::setSecret() |
|
almost 13 years ago
|
Don't destroy key cookie when destroying a session. |
|
almost 13 years ago
|
Generate custom session ID. |
|
almost 13 years ago
|
Removed examples.php |
|
almost 13 years ago
|
Added examples.php to gitignore. |
|
almost 13 years ago
|