symfony · nicolas-grekas · Jan 20, 2020 · Jan 14, 2020
diff --git a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -91,12 +91,12 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt
    /**
     * Generates the cookie value.
     *
-     * @param int    $expires  The Unix timestamp when the cookie expires
-     * @param string $password The encoded password
+     * @param int         $expires  The Unix timestamp when the cookie expires
+     * @param string|null $password The encoded password
     *
     * @return string
     */
-    protected function generateCookieValue(string $class, string $username, int $expires, string $password)
+    protected function generateCookieValue(string $class, string $username, int $expires, ?string $password)
    {
        // $username is encoded because it might contain COOKIE_DELIMITER,
        // we assume other values don't
@@ -111,12 +111,12 @@ protected function generateCookieValue(string $class, string $username, int $exp
    /**
     * Generates a hash for the cookie to ensure it is not being tampered with.
     *
-     * @param int    $expires  The Unix timestamp when the cookie expires
-     * @param string $password The encoded password
+     * @param int         $expires  The Unix timestamp when the cookie expires
+     * @param string|null $password The encoded password
     *
     * @return string
     */
-    protected function generateCookieHash(string $class, string $username, int $expires, string $password)
+    protected function generateCookieHash(string $class, string $username, int $expires, ?string $password)
    {
        return hash_hmac('sha256', $class.self::COOKIE_DELIMITER.$username.self::COOKIE_DELIMITER.$expires.self::COOKIE_DELIMITER.$password, $this->getSecret());
    }