fix(web): support passwords up to 2048 characters

Fixes #5485
2026-05-20 10:55:25 +00:00 · 2022-03-08 16:28:21 -05:00
parent 17f1df3904
commit a965f276c8
4 changed files with 22 additions and 10 deletions
@@ -46,10 +46,13 @@
 #import "SOGoWebAuthenticator.h"

 #define COOKIE_SESSIONKEY_LEN 16
-/* the key b64 encoded key XORed with the cookie value
- * must fit in the database field which is 255 char long at the moment
+/**
+   The base64 encoded key XORed with the cookie value. It must fit in the
+   database field which is 4096 char long. The browser cookie limit is
+   about the same. The length is prior to bas64 encoding, so we must calculate
+   a 33-36% increase.
 */
-#define COOKIE_USERKEY_LEN    160
+#define COOKIE_USERKEY_LEN    3000

@implementation SOGoWebAuthenticator