From 0c2c36ff3b0329ff849930d0403f933653a84dcd Mon Sep 17 00:00:00 2001
From: brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Fri, 14 May 2010 20:50:34 +0000
Subject: Merged 5928-6908 from 1.7 branch to trunk.

git-svn-id: http://code.elgg.org/elgg/trunk@6059 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/sessions.php | 21 ---------------------
 1 file changed, 21 deletions(-)

(limited to 'engine/lib/sessions.php')

diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index ffea2dcc2..b74b2f524 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -459,17 +459,6 @@ function logout() {
 	return TRUE;
 }
 
-/**
- * Returns a fingerprint for an elgg session.
- *
- * @return string
- */
-function get_session_fingerprint() {
-	global $CONFIG;
-
-	return md5($_SERVER['HTTP_USER_AGENT'] . get_site_secret());
-}
-
 /**
  * Initialises the system session and potentially logs the user in
  *
@@ -505,16 +494,6 @@ function session_init($event, $object_type, $object) {
 	session_name('Elgg');
 	session_start();
 
-	// Do some sanity checking by generating a fingerprint (makes some XSS attacks harder)
-	if (isset($_SESSION['__elgg_fingerprint'])) {
-		if ($_SESSION['__elgg_fingerprint'] != get_session_fingerprint()) {
-			session_destroy();
-			return false;
-		}
-	} else {
-		$_SESSION['__elgg_fingerprint'] = get_session_fingerprint();
-	}
-
 	// Generate a simple token (private from potentially public session id)
 	if (!isset($_SESSION['__elgg_session'])) {
 		$_SESSION['__elgg_session'] = md5(microtime().rand());
-- 
cgit v1.2.3