authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-05-14 20:50:34 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-05-14 20:50:34 +0000
commit0c2c36ff3b0329ff849930d0403f933653a84dcd (patch)
treecdd859d225d68dcfa9603997f4c183eac8864900 /engine/lib/sessions.php
parentb6aaba915151dd07800761a01b67ffffaee1302b (diff)
Merged 5928-6908 from 1.7 branch to trunk.
git-svn-id: http://code.elgg.org/elgg/trunk@6059 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib/sessions.php')
-rw-r--r--engine/lib/sessions.php21
1 files changed, 0 insertions, 21 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index ffea2dcc2..b74b2f524 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -460,17 +460,6 @@ function logout() {
}
/**
- * Returns a fingerprint for an elgg session.
- *
- * @return string
- */
-function get_session_fingerprint() {
- global $CONFIG;
-
- return md5($_SERVER['HTTP_USER_AGENT'] . get_site_secret());
-}
-
-/**
* Initialises the system session and potentially logs the user in
*
* This function looks for:
@@ -505,16 +494,6 @@ function session_init($event, $object_type, $object) {
session_name('Elgg');
session_start();
- // Do some sanity checking by generating a fingerprint (makes some XSS attacks harder)
- if (isset($_SESSION['__elgg_fingerprint'])) {
- if ($_SESSION['__elgg_fingerprint'] != get_session_fingerprint()) {
- session_destroy();
- return false;
- }
- } else {
- $_SESSION['__elgg_fingerprint'] = get_session_fingerprint();
- }
-
// Generate a simple token (private from potentially public session id)
if (!isset($_SESSION['__elgg_session'])) {
$_SESSION['__elgg_session'] = md5(microtime().rand());
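Review bot: With the fingerprint block gone, nothing visible in this part of session_init() ties a resumed session to the client that created it, and the commit message ("Merged 5928-6908 from 1.7 branch to trunk") does not say whether dropping the check was intended or a side effect of the merge. That is worth confirming; if it was intended, a short comment after `session_start();` such as `// User-agent fingerprint check removed on purpose: <reason>` would record the decision. The token left in the trailing context, `md5(microtime().rand())`, is built from the clock and a non-cryptographic generator, so if it guards anything it should come from a CSPRNG, e.g. `$_SESSION['__elgg_session'] = bin2hex(random_bytes(16));` where PHP 7+ is available. session_init() begins and continues outside the hunk, so a replacement check elsewhere in the function cannot be ruled out from here.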