mirror of https://github.com/lxsang/antd-web-apps synced 2024-11-19 18:08:21 +01:00

add salt to sessionid hash

DanyLE 2022-09-02 20:09:46 +02:00
parent 5b8acf2d87
commit 395249972e


@ -43,7 +43,8 @@ function UserController:login(...)
local request = JSON.decodeString(REQUEST.json)
local r = ulib.auth(request.username,request.password)
if r == true then
local cookie = {sessionid=std.sha1(request.username..request.password)} -- iotos_user = request.username
local salt = utils.generate_salt(20)
local cookie = {sessionid=std.sha1(request.username..request.password..salt)} -- iotos_user = request.username
local db = sysdb();
if db == nil then return fail("Cannot setup session") end
local cond = {exp= {["="] = { sessionid = cookie.sessionid }}}
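Review bot: On the new `local cookie = {sessionid=std.sha1(request.username..request.password..salt)}` line the session id is still computed from the user's password, so credential material keeps flowing into a value that, judging by the `cookie` name and the `sessionid` lookup below it, is handed to the client and used as a database key. A session id only needs to be unpredictable, and with the salt in place all of its unpredictability already comes from `utils.generate_salt(20)`; the username and password can be dropped from the hash input, with a comment such as `-- session id is random and independent of the credentials`. Whether `generate_salt` draws from a cryptographically secure source is not visible in this hunk and should be confirmed, since a generator seeded from the clock or `math.random` would leave the id guessable. `UserController:login` continues past the end of the hunk, so session expiry and the cookie attributes could not be checked here.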