(Cross-posted to hackers and testers)

A new cookie protocol has landed in trunk. This protocol is based on the one described here:

http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf

The cookie is laid out like so:

user name|expiration time|HMAC( user name|expiration time, k)

where k = HMAC(user name|expiration time, sk)
and where sk is a secret key

sk, the secret key, consists of a random string saved to the options table in a "secret" field and a user definable secret key specified in wp-config.php with the SECRET_KEY define. If SECRET_KEY is not defined, the DB connect info is used to construct SECRET_KEY. Cookies can be mass-expired by changing SECRET_KEY or "secret" in the options table.

This protocol requires the hash_hmac() function. This function is available only in PHP 5.1.2 and later, so we added a PHP implementation of it to compat.php. If you are using PHP versions < 5.1.2, let us know if you have any troubles with regard to hash_hmac().

The cookie design is still being discussed, so expect some more changes. You can join the ongoing design discussion here:

http://trac.wordpress.org/ticket/5367#comment:29
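The cookie layout described above, as an added example that is not part of the original post and is not WordPress's own code. The function names, the SHA-256 choice, the concatenation used to build sk and all sample values are assumptions made for illustration.

```php
<?php
// Added illustration of: user name|expiration time|HMAC(user name|expiration time, k)
// with k = HMAC(user name|expiration time, sk). Not WordPress's implementation.
const EXAMPLE_ALGO = 'sha256'; // assumption: the post does not name a hash algorithm

// Assumption: sk is the wp-config.php secret concatenated with the DB "secret" option.
function example_secret_key(string $configSecret, string $dbSecret): string {
    return $configSecret . $dbSecret;
}

function example_make_cookie(string $user, int $expires, string $sk): string {
    $data = $user . '|' . $expires;
    $k    = hash_hmac(EXAMPLE_ALGO, $data, $sk); // per-cookie key derived from sk
    $mac  = hash_hmac(EXAMPLE_ALGO, $data, $k);  // MAC over the same fields, keyed with k
    return $data . '|' . $mac;
}

// Returns the user name for a valid, unexpired cookie, otherwise false.
function example_check_cookie(string $cookie, string $sk, int $now) {
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return false; // wrong field count, e.g. a '|' inside the user name
    }
    [$user, $expires, $mac] = $parts;
    if (!ctype_digit($expires)) {
        return false;
    }
    // Recompute the whole cookie and compare in constant time before trusting any field.
    $expected = example_make_cookie($user, (int) $expires, $sk);
    if (!hash_equals($expected, $cookie)) {
        return false;
    }
    return ((int) $expires >= $now) ? $user : false;
}

// Constructed sample values, not real secrets.
$now    = 1200000000;
$sk     = example_secret_key('config-secret-sample', 'db-secret-sample');
$cookie = example_make_cookie('alice', $now + 3600, $sk);

var_dump(example_check_cookie($cookie, $sk, $now));        // untouched cookie
$forged = str_replace((string) ($now + 3600), (string) ($now + 999999), $cookie);
var_dump(example_check_cookie($forged, $sk, $now));        // expiration edited by the client
$rotated = example_secret_key('config-secret-sample', 'new-db-secret');
var_dump(example_check_cookie($cookie, $rotated, $now));   // "secret" changed: mass expiry
var_dump(example_check_cookie($cookie, $sk, $now + 7200)); // past the expiration time
```

Because the expiration time is covered by the MAC, the server can reject an edited timestamp without storing any per-session state, and changing either half of sk invalidates every outstanding cookie at once.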
