Read SMF Cookie

[Chris Santa]

Hello,
I am working on a little hobby project where I basically tries to build an API that can connect a phpBB forum with a SMF so that they basically share authentication. I have got stuck where I'm trying to read the SMF cookie and don't know how the session is generated in this cookie:


SMFCookie463=a:4:{i:0;s:1:"2";i:1;s:40:"c53398fea7f19d3b8dd36d1b94f78f16cb7d2510";i:2;i:1587979565;i:3;i:3;};

I'm specifically talking about the value "c53398fea7f19d3b8dd36d1b94f78f16cb7d2510". It looks a SHA1 hash and I first thought it was generated in the setLoginCookie function based on member id and password but now I'm just confused. Do anyone have any pointers?

[Dragooon]

From LoginOut.php:

Koodi [Valitse] Laajenna

setLoginCookie(60 * $modSettings['cookieTime'], $user_settings['id_member'], sha1($user_settings['passwd'] . $user_settings['password_salt']));
So I guess it's the password hash + salt

[Chris Santa]

Yeah, that is actually it - thank you!