TSession TSessionCookieStore::find(const QByteArray &id, const QDateTime &)
{
TSession session;
if (id.isEmpty())
return session;
QList<QByteArray> balst = id.split('_');
if (balst.count() == 2 && !balst.value(0).isEmpty() && !balst.value(1).isEmpty()) {
QByteArray ba = QByteArray::fromHex(balst.value(0));
QByteArray digest = QCryptographicHash::hash(ba + Tf::app()->appSettings().value("Session.Secret").toByteArray(),
QCryptographicHash::Sha1);
if (digest != QByteArray::fromHex(balst.value(1))) {
tSystemWarn("Recieved a tampered cookie or that of other web application.");
//throw SecurityException("Tampered with cookie", __FILE__, __LINE__);
return session;
}
QDataStream ds(&ba, QIODevice::ReadOnly);
ds >> *static_cast<QVariantHash *>(&session);
if (ds.status() != QDataStream::Ok) {
tSystemError("Unable to load a session from the cookie store.");
session.clear();
}
}
