Task #79164

closed

Remove user agent locking for sessions

Added by Mads Lønne Jensen over 7 years ago. Updated over 7 years ago.

Status: Rejected
Priority: Could have
Assignee: -
Category: -
Target version: -
Start date: 2017-01-05
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 8
PHP Version:
Tags:
Complexity: easy
Sprint Focus:

Description

It is currently possible to lock a user session to a user agent using $GLOBALS['TYPO3_CONF_VARS'][$loginType]['lockHashKeyWords'].

However, user agents are not a means of security and can be trivially spoofed by an attacker.
As of TYPO3 8.5 only 'useragent' is accepted in $GLOBALS['TYPO3_CONF_VARS'][$loginType]['lockHashKeyWords'], which can be considered removed.

IP protection should not be affected by this.
