From 0c2c36ff3b0329ff849930d0403f933653a84dcd Mon Sep 17 00:00:00 2001
From: brettp
Date: Fri, 14 May 2010 20:50:34 +0000
Subject: Merged 5928-6908 from 1.7 branch to trunk.
git-svn-id: http://code.elgg.org/elgg/trunk@6059 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/sessions.php | 21 ---------------------
 1 file changed, 21 deletions(-)
(limited to 'engine/lib/sessions.php')
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index ffea2dcc2..b74b2f524 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -459,17 +459,6 @@ function logout() {
 return TRUE;
 }
 
-/**
- * Returns a fingerprint for an elgg session.
- *
- * @return string
- */
-function get_session_fingerprint() {
- global $CONFIG;
-
- return md5($_SERVER['HTTP_USER_AGENT'] . get_site_secret());
-}
-
 /**
 * Initialises the system session and potentially logs the user in
 *
@@ -505,16 +494,6 @@ function session_init($event, $object_type, $object) {
 session_name('Elgg');
 session_start();
 
- // Do some sanity checking by generating a fingerprint (makes some XSS attacks harder)
- if (isset($_SESSION['__elgg_fingerprint'])) {
- if ($_SESSION['__elgg_fingerprint'] != get_session_fingerprint()) {
- session_destroy();
- return false;
- }
- } else {
- $_SESSION['__elgg_fingerprint'] = get_session_fingerprint();
- }
-
 // Generate a simple token (private from potentially public session id)
 if (!isset($_SESSION['__elgg_session'])) {
 $_SESSION['__elgg_session'] = md5(microtime().rand());
--
cgit v1.2.3