Diffstat (limited to 'engine/lib/sessions.php')
-rw-r--r-- | engine/lib/sessions.php | 21 |
1 files changed, 0 insertions, 21 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index ffea2dcc2..b74b2f524 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -460,17 +460,6 @@ function logout() {
 }
 
 /**
- * Returns a fingerprint for an elgg session.
- *
- * @return string
- */
-function get_session_fingerprint() {
- global $CONFIG;
-
- return md5($_SERVER['HTTP_USER_AGENT'] . get_site_secret());
-}
-
-/**
 * Initialises the system session and potentially logs the user in
 *
 * This function looks for:
@@ -505,16 +494,6 @@ function session_init($event, $object_type, $object) {
 session_name('Elgg');
 session_start();
 
- // Do some sanity checking by generating a fingerprint (makes some XSS attacks harder)
- if (isset($_SESSION['__elgg_fingerprint'])) {
- if ($_SESSION['__elgg_fingerprint'] != get_session_fingerprint()) {
- session_destroy();
- return false;
- }
- } else {
- $_SESSION['__elgg_fingerprint'] = get_session_fingerprint();
- }
-
 // Generate a simple token (private from potentially public session id)
 if (!isset($_SESSION['__elgg_session'])) {
 $_SESSION['__elgg_session'] = md5(microtime().rand()); |