projects / GitHub / WoltLab / WCF.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: dbaf3d3) | patch
Remove session_validate_user_agent option
authorTim Düsterhus <duesterhus@woltlab.com>
Wed, 30 Sep 2020 14:34:07 +0000 (16:34 +0200)
committerTim Düsterhus <duesterhus@woltlab.com>
Thu, 1 Oct 2020 14:09:26 +0000 (16:09 +0200)
commit8b0284c9d952b2d6f6ba184fdab6469bdbba315c
treed5707608a55f51b79beeecdcd3ba40fa65f0a033tree | snapshot (tar.gz zip)
parentdbaf3d3e4f63155efe37e2c28def48bcdf1b0640commit | diff
Remove session_validate_user_agent option

This option will not play well with long-lived user sessions and the security
benefit is roughly nil. After all almost anyone is using Google Chrome on
either Windows or Android.

Additionally since the session ID is no longer embedded within the URL losing
the session ID to a 3rd party is hard.
com.woltlab.wcf/option.xml diff | blob | blame | history
constants.php diff | blob | blame | history
wcfsetup/install/files/lib/system/WCF.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/session/SessionHandler.class.php diff | blob | blame | history
wcfsetup/install/files/options.inc.php diff | blob | blame | history
wcfsetup/install/lang/de.xml diff | blob | blame | history
wcfsetup/install/lang/en.xml diff | blob | blame | history
WoltLab Suite Core (previously WoltLab Community Framework)