Additional per-session random token, additional randomness protection against CSRF. Report problems.

git-svn-id: https://code.elgg.org/elgg/trunk@2048 36083f99-b078-4883-b0ff-0f9b5a30f544
author: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> 2008-09-01 09:13:16 +0000
committer: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> 2008-09-01 09:13:16 +0000
commit: 25be923e821438abe161cf6fac734cd60dabecfa (patch)
tree: 661245d0690bc4b53c038c7c2c3aeef4566b5655 /engine/lib/sessions.php
parent: 676e87ccfae0d8a951b10145b41e13d2c5ccfe02 (diff)
download: elgg-25be923e821438abe161cf6fac734cd60dabecfa.tar.gz
elgg-25be923e821438abe161cf6fac734cd60dabecfa.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 0a35fec1a..3dd9ac9e1 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -204,6 +204,9 @@
 			{
 			    $_SESSION['__elgg_fingerprint'] = get_session_fingerprint();
 			}
+			
+			// Generate a simple token
+			if (!isset($_SESSION['__elgg_session'])) $_SESSION['__elgg_session'] = md5(microtime().rand());
 	        
 	        if (empty($_SESSION['guid'])) {
 	            if (isset($_COOKIE['elggperm'])) {
author	marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>	2008-09-01 09:13:16 +0000
committer	marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>	2008-09-01 09:13:16 +0000
commit	25be923e821438abe161cf6fac734cd60dabecfa (patch)
tree	661245d0690bc4b53c038c7c2c3aeef4566b5655 /engine/lib/sessions.php
parent	676e87ccfae0d8a951b10145b41e13d2c5ccfe02 (diff)
download	elgg-25be923e821438abe161cf6fac734cd60dabecfa.tar.gz elgg-25be923e821438abe161cf6fac734cd60dabecfa.tar.bz2