TSession TSessionCookieStore::find(const QByteArray &id, const QDateTime &) { TSession session; if (id.isEmpty()) return session; QList<QByteArray> balst = id.split('_'); if (balst.count() == 2 && !balst.value(0).isEmpty() && !balst.value(1).isEmpty()) { QByteArray ba = QByteArray::fromHex(balst.value(0)); QByteArray digest = QCryptographicHash::hash(ba + Tf::app()->appSettings().value("Session.Secret").toByteArray(), QCryptographicHash::Sha1); if (digest != QByteArray::fromHex(balst.value(1))) { tSystemWarn("Recieved a tampered cookie or that of other web application."); //throw SecurityException("Tampered with cookie", __FILE__, __LINE__); return session; } QDataStream ds(&ba, QIODevice::ReadOnly); ds >> *static_cast<QVariantHash *>(&session); if (ds.status() != QDataStream::Ok) { tSystemError("Unable to load a session from the cookie store."); session.clear(); } }