1 package BSE::SessionSign;
5 our $VERSION = "1.000";
# Presumably the body of _sign (the other code in this file calls
# $self->_sign($sessionid, $when)); the sub header and a few lines are
# missing from this listing.
#
# Produces a token of the form "<when>.<digest>", where <digest> is the
# base64 SHA-256 of the site secret, the session id and the timestamp.
#
# Parameters:
#   $sessionid - session identifier being vouched for
#   $when      - timestamp bound into the signature (units not shown here;
#                presumably epoch seconds - confirm against the caller)
# Returns: the string "$when.$sha".
8 my ($self, $sessionid, $when) = @_;
# The signing key is the "secret" entry of the [site] config section.
# NOTE(review): entryErr presumably fails hard when the entry is absent -
# confirm, since an empty or default secret would make signatures forgeable.
12 my $secret = BSE::Cfg->single->entryErr("site", "secret");
# sha256_base64() joins its arguments into one string before hashing, so
# this is SHA-256(secret . sessionid . when) with no field separator.
# NOTE(review): two hardening points for a keyed integrity check:
#  - a secret-prefix hash is not a MAC; Digest::SHA's hmac_sha256_base64
#    (data..., key) is the standard construction for this purpose.
#  - without a delimiter or length prefix, different (sessionid, when)
#    pairs can hash the same bytes; bind the fields unambiguously.
# Changing either alters the token format, so signer and verifier must be
# updated together.
13 my $sha = Digest::SHA::sha256_base64($secret, $sessionid, $when);
# The timestamp travels in clear in front of the digest so the verifier can
# recompute the signature and check freshness.
15 return $when . "." . $sha;
# Body of a signing entry point whose sub header is not in this listing:
# returns a signature for $sessionid stamped with the time held in $now.
19 my ($self, $sessionid) = @_;
# $now is assigned on a line missing from this listing.
# NOTE(review): the verification code in this file tests `$then + 30 > $now`,
# so $now is presumably epoch seconds (e.g. time()) - confirm, because the
# 30-unit validity window depends on it.
23 return $self->_sign($sessionid, $now);
27 my ($self, $sessionid, $sig, $error) = @_;
30 my ($then, $sha) = split /\./, $sig, 2;
32 my $good_sig = $self->_sign($sessionid, $then);
34 if ($good_sig ne $sig) {
35 require BSE::TB::AuditLog;
36 BSE::TB::AuditLog->log
38 component => "user::setcookie",
41 msg => "Bad signature setting session cookie",
52 require BSE::TB::AuditLog;
53 unless ($then + 30 > $now) {
54 require BSE::TB::AuditLog;
55 BSE::TB::AuditLog->log
57 component => "user::setcookie",
60 msg => "Too old setting session cookie",