* FormsAuthentication.cs: the init_vector must be the same accross
restarts, otherwise the cookie does not work even when a decryption
key is provided. Initialize it to the bytes of the cookie name. Fixes
bug #75635.
svn path=/trunk/mcs/; revision=47700
+2005-07-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>
+
+ * FormsAuthentication.cs: the init_vector must be the same accross
+ restarts, otherwise the cookie does not work even when a decryption
+ key is provided. Initialize it to the bytes of the cookie name. Fixes
+ bug #75635.
+
2005-07-25 Eyal Alaluf <eyala@mainsoft.com>
+
* FormsAuthenticationModule.cs: Check for null config
2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
slidingExpiration = true;
#endif
}
- TripleDESCryptoServiceProvider tDES = new TripleDESCryptoServiceProvider ();
- tDES.GenerateIV ();
- init_vector = tDES.IV;
+
+ // IV is 8 bytes long for 3DES
+ init_vector = new byte [8];
+ int len = cookieName.Length;
+ for (int i = 0; i < 8; i++) {
+ if (i >= len)
+ break;
+
+ init_vector [i] = (byte) cookieName [i];
+ }
+
initialized = true;
}
}