CodeIgniter 2.2.0 HMAC Mismatch Error

UPDATE: Even after downloading the “fixed” 2.2.0, the update log files are still populated:

Session: HMAC Mismatch. Session cookie data did not match what was expected.

After upgrading from CodeIgniter 2.1.3 to 2.2.0, I get an error message:

Session: HMAC Mismatch. Session cookie data did not match what was expected.

Mcrypt extension is included. If I set $config['sess_encrypt_cookie'] = FALSE; (not an option for production), no errors. Any help would be greatly appreciated.

+7
php codeigniter hmac codeigniter-2
4 answers

The CI_Input function → _sanitize_globals() sometimes interrupts the encrypted session. To fix this problem I changed /system/core/Input.php (version 2.2, line 636)

$_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); 

to

 if (!(config_item('sess_encrypt_cookie') === TRUE) || $key != config_item('sess_cookie_name'))
     $_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
+3

Download the CI 2.2 archive, it has been re-marked and replaced.

+3

In system/libraries/Sessions.php, in the _set_cookie function, change:

 if ($this->sess_encrypt_cookie == TRUE)
 {
     $cookie_data = $this->CI->encrypt->encode($cookie_data);
 }
 else
 {
     // if encryption is not used, we provide an md5 hash to prevent userside tampering
     $cookie_data .= hash_hmac('sha1', $cookie_data, $this->encryption_key);
 }

to

 if ($this->sess_encrypt_cookie == TRUE)
 {
     $cookie_data = $this->CI->encrypt->encode($cookie_data);
 }

 $cookie_data .= hash_hmac('sha1', $cookie_data, $this->encryption_key);

to see if it works.

see https://github.com/EllisLab/CodeIgniter/issues/3086

+1

In addition to the above correction, I needed to change the following line:

 if ($key === $sess_cookie_name && config_item('sess_encrypt_cookie')) 

To:

 if ($key === config_item('cookie_prefix') . $sess_cookie_name && config_item('sess_encrypt_cookie')) 

Hope this helps, Best regards.

0
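
The failure mode discussed in the answers above, as an added PHP example that is not part of the original posts and is not CodeIgniter's code: an HMAC appended to the cookie only verifies if the bytes reach the check unmodified, so a filter that rewrites some cookie values breaks only some sessions. The function names, key, payloads and the newline-normalising filter are constructed assumptions.

```php
<?php
// Added illustration, not CodeIgniter code. All names and values are constructed.
$key = 'constructed-demo-key';

// Append an HMAC-SHA1 tag to the (already encrypted) cookie payload.
function seal_cookie($payload, $key) {
    return $payload . hash_hmac('sha1', $payload, $key);
}

// Split off the 40-hex-character tag and verify it in constant time.
// Returns the payload, or NULL on mismatch.
function open_cookie($cookie, $key) {
    if (strlen($cookie) <= 40) {
        return NULL;
    }
    $payload = substr($cookie, 0, -40);
    $tag     = substr($cookie, -40);
    $expect  = hash_hmac('sha1', $payload, $key);
    return hash_equals($expect, $tag) ? $payload : NULL;
}

// Hypothetical stand-in for an input filter that rewrites cookie values
// before the session library sees them (here: newline normalisation).
function filter_value($value) {
    return str_replace(array("\r\n", "\r"), "\n", $value);
}

// Constructed payloads standing in for ciphertext.
$samples = array(
    'no bytes the filter touches' => "ct:3f9a0c17e2",
    'contains CR LF'              => "ct:3f9a\r\n0c17e2",
);

foreach ($samples as $label => $payload) {
    $cookie   = seal_cookie($payload, $key);
    $raw      = open_cookie($cookie, $key);
    $filtered = open_cookie(filter_value($cookie), $key);
    printf("%-28s raw: %-8s filtered: %s\n", $label,
        $raw === NULL ? 'MISMATCH' : 'ok',
        $filtered === NULL ? 'MISMATCH' : 'ok');
}
```

Verifying the tag over the raw cookie value, before any filtering, and comparing it with hash_equals() avoids both the intermittent mismatch and a timing side channel in the comparison.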