Shaarli - The personal, minimalist, super-fast, database free, bookmarking service

diff options

author	VirtualTam <virtualtam@flibidi.net>	2018-05-10 13:07:51 +0200
committer	VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:06 +0200
commit	ebf615173824a46de82fa97a165bcfd883db15ce (patch)
tree	26374298b3c7f2009ef939c5d5e3d787938581be /application/FeedBuilder.php
parent	c689e108639a4f6aa9e15928422e14db7cbe30ca (diff)
download	Shaarli-ebf615173824a46de82fa97a165bcfd883db15ce.tar.gz Shaarli-ebf615173824a46de82fa97a165bcfd883db15ce.tar.zst Shaarli-ebf615173824a46de82fa97a165bcfd883db15ce.zip

SessionManager: remove unused UID token

There already are dedicated tokens for: - CSRF protection - user stay-signed-in feature, via cookie This token was most likely intended as a randomly generated, server-side, secret key to be used when generating hashes. See http://sebsauvage.net/wiki/doku.php?id=php:session [FR] Relevant section: Une clé secrète unique aléatoire est générée côté serveur (et jamais envoyée). Elle peut servir pour signer les formulaires (HMAC) ou générer des token de formulaires (protection contre XSRF). Voir $_SESSION['uid']. Translation: A unique, server-side secret key is randomly generated (and never transmitted). It can be used to sign forms (HMAC) or generate form tokens (protection against XSRF). See $_SESSION['uid'] Signed-off-by: VirtualTam <virtualtam@flibidi.net>

Diffstat (limited to 'application/FeedBuilder.php')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: