How is it created user_extension_key in database?

adekkpl

Hi, out of curiosity, I was tracking the login.php code for TIFlow and I absolutely can't figure out where the value in the 'user_extension_key' field in the 'users' table comes from. It is used during login but only if it exists; there is no condition that would create this value if it's missing. Is this a bug or hardcoded?
login.php

// Setup extension            
         if (isset($row['user_extension_key']) && !empty($row['user_extension_key'])) {
                // Extension cookie
                // Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
                setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
                // Set PHP session in DB, so we can access the session encryption data (above)
                $user_php_session = session_id();
                mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = $user_id");
            }

wrongecho

We started developing a browser extension to allow you to auto fill login/password entries. This hasn't really been maintained or developed much beyond the proof of concept, but that field allowed the extension to access the encrypted password data.

I understand this is now broken due to changes. We may fix and develop this in the future, but no promises!

If you're interested check out: https://github.com/itflow-org/itflow/blob/master/get_credential.php