diff options
author | VirtualTam <virtualtam@flibidi.net> | 2018-05-10 13:07:51 +0200 |
---|---|---|
committer | VirtualTam <virtualtam@flibidi.net> | 2018-06-02 16:46:06 +0200 |
commit | ebf615173824a46de82fa97a165bcfd883db15ce (patch) | |
tree | 26374298b3c7f2009ef939c5d5e3d787938581be /doc | |
parent | c689e108639a4f6aa9e15928422e14db7cbe30ca (diff) | |
download | Shaarli-ebf615173824a46de82fa97a165bcfd883db15ce.tar.gz Shaarli-ebf615173824a46de82fa97a165bcfd883db15ce.tar.zst Shaarli-ebf615173824a46de82fa97a165bcfd883db15ce.zip |
SessionManager: remove unused UID token
There already are dedicated tokens for:
- CSRF protection
- user stay-signed-in feature, via cookie
This token was most likely intended as a randomly generated,
server-side, secret key to be used when generating hashes.
See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]
Relevant section:
Une clé secrète unique aléatoire est générée côté serveur (et jamais
envoyée). Elle peut servir pour signer les formulaires (HMAC) ou
générer des token de formulaires (protection contre XSRF).
Voir $_SESSION['uid'].
Translation:
A unique, server-side secret key is randomly generated (and never
transmitted). It can be used to sign forms (HMAC) or generate form
tokens (protection against XSRF).
See $_SESSION['uid']
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'doc')
0 files changed, 0 insertions, 0 deletions