ID: 14482
Title: Use proper HMAC for cookie signing
Component: Setup
Level: 1
Class: Security fix
Version: 2.2.0i1
Previously to this Werk the Session cookies were signed with with calculating a
SHA256 hash over username, session id, a serial plus a secret. This could in
theory lead to a "partial message collision".
Since we parse the data given in the cookie and test for validity, we are
confident that such an attack is not possible. But to be future-proof we switch
to proper HMAC for signing the cookie value. This will invalidate all session
cookies for a site. Therefore all users have to reauthenticate to retrieve new
valid cookies.