From 5b1db1e725dff0b5522762bc087fd248e945a5d0 Mon Sep 17 00:00:00 2001
From: Florent Morselli
Date: Fri, 12 Jul 2024 18:58:44 +0200
Subject: [PATCH] Update session key generation in SessionStorage

This commit changes how session keys are generated in SessionStorage. Instead of using a static value, a hash of the item's public key credential challenge is added to the session parameter to create a unique key. This enhancement should improve session data security.
---
 src/symfony/src/Security/Storage/SessionStorage.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/symfony/src/Security/Storage/SessionStorage.php b/src/symfony/src/Security/Storage/SessionStorage.php
index 250a5ea6..320e53ea 100644
--- a/src/symfony/src/Security/Storage/SessionStorage.php
+++ b/src/symfony/src/Security/Storage/SessionStorage.php
@@ -23,7 +23,11 @@ public function __construct(
 public function store(Item $item, string|null $tag = null): void
 {
 $session = $this->requestStack->getSession();
- $key = sprintf('%s-%s', self::SESSION_PARAMETER, hash('xxh128', $item->getPublicKeyCredentialOptions()->challenge));
+ $key = sprintf(
+ '%s-%s',
+ self::SESSION_PARAMETER,
+ hash('xxh128', $item->getPublicKeyCredentialOptions()->challenge)
+ );
 $session->set($key, [
 'options' => $item->getPublicKeyCredentialOptions(),
 'userEntity' => $item->getPublicKeyCredentialUserEntity(),
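Review bot: The reflowed `hash('xxh128', …->challenge)` argument in `store()` carries no comment on what the digest is for, and since xxHash is a non-cryptographic hash a reader could take it for a security control, especially next to a description that speaks of improved session data security. I would add above `$key = sprintf(`: `// xxh128 only derives a per-challenge session attribute name; it is not a security control.` The removed and added sides build the same key, so this hunk appears to change layout only. Because each challenge gets its own attribute, it is worth confirming that the retrieval path (not visible here) removes the entry after use, otherwise repeated option requests would grow the session. `store()` ends outside the hunk.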