From 676e87ccfae0d8a951b10145b41e13d2c5ccfe02 Mon Sep 17 00:00:00 2001 From: marcus Date: Sun, 31 Aug 2008 20:00:41 +0000 Subject: Some session fingerprinting code. Requires user agent to be consistent across requests. git-svn-id: https://code.elgg.org/elgg/trunk@2047 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/actions.php | 5 ++++- engine/lib/sessions.php | 23 ++++++++++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) (limited to 'engine/lib') diff --git a/engine/lib/actions.php b/engine/lib/actions.php index 28a16c403..76913f2b4 100644 --- a/engine/lib/actions.php +++ b/engine/lib/actions.php @@ -174,8 +174,11 @@ // Current session id $session_id = session_id(); + // Get user agent + $ua = $_SERVER['HTTP_USER_AGENT']; + if (($site_secret) && ($session_id)) - return md5($site_secret.$timestamp.$session_id); + return md5($site_secret.$timestamp.$session_id.$ua); return false; } diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index c6ae6f8d4..0a35fec1a 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -162,6 +162,13 @@ session_destroy(); return true; + } + + function get_session_fingerprint() + { + global $CONFIG; + + return md5($_SERVER['HTTP_USER_AGENT'] ); } /** @@ -182,7 +189,21 @@ if (!is_db_installed()) return false; session_name('Elgg'); - session_start(); + session_start(); + + // Do some sanity checking by generating a fingerprint (makes some XSS attacks harder) + if (isset($_SESSION['__elgg_fingerprint'])) + { + if ($_SESSION['__elgg_fingerprint'] != get_session_fingerprint()) + { + session_destroy(); + return false; + } + } + else + { + $_SESSION['__elgg_fingerprint'] = get_session_fingerprint(); + } if (empty($_SESSION['guid'])) { if (isset($_COOKIE['elggperm'])) { -- cgit v1.2.3
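Review bot: The new `$ua = $_SERVER['HTTP_USER_AGENT'];` line reads the header unguarded, so a request that sends no User-Agent (curl defaults, many API clients and bots) raises an undefined-index notice and the token is derived from an empty string; guard it with `$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';`. The return line deserves a comment that binding the token to the UA only defeats replay of a captured token by a client presenting a different User-Agent, not a forged request, because the value is attacker-supplied and any client can send whatever string it likes. The `md5($site_secret.…)` construction keeps the secret as a prefix of attacker-influenced input; if the project's PHP baseline permits it, `hash_hmac('md5', $timestamp.$session_id.$ua, $site_secret)` is the keyed form, but the target version is not visible here. The enclosing function starts before the hunk, so where `$site_secret` and `$timestamp` come from and where the token is compared cannot be checked from this view.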
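Review bot: `global $CONFIG;` in the new `get_session_fingerprint()` is never referenced in the body and should be dropped. The `md5($_SERVER['HTTP_USER_AGENT'])` call has the same unguarded read as the actions.php change: with no User-Agent header it emits an undefined-index notice, and every header-less client collapses to the constant `md5('')`, so a session id replayed with the header stripped matches any other header-less session; use `isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''` and say in a comment that an empty UA is treated as a fingerprint of its own. Since the helper is a public function, a short docblock such as `/** md5 of the client's User-Agent; stored in the session and compared on every request so a session id reused from a different client is rejected. */` would make the contract clear.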
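Review bot: The mismatch test `$_SESSION['__elgg_fingerprint'] != get_session_fingerprint()` uses loose comparison on two md5 hex strings, and PHP compares numeric-looking strings such as `0e…` digests as floats, so two different digests can compare equal; change it to `!==`. The comment `makes some XSS attacks harder` is misleading: script injected via XSS runs in the victim's browser and sends the victim's own User-Agent, so the fingerprint does nothing against XSS; what it raises the bar for is reuse of a leaked session id from another client, and the comment should say that instead. Note also that presenting a valid session id with any other User-Agent now calls `session_destroy()` on that session, so a failed hijack attempt (or a legitimate UA change behind a rewriting proxy) logs the real user out, which may be the intended trade-off but deserves a comment. The enclosing function starts before the hunk and continues after it.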