author | Andrew Dolgov <[email protected]> | 2021-03-05 12:27:23 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2021-03-05 12:27:23 +0300 |
commit | fe06416f1787d27e90ad75f7c33eadd412574346 (patch) | |
tree | 97ec65f0cb115a0d3fdd821bfe36514c6b0678ca /include | |
parent | 98c75a9e433d7994548071048318cae43e2c0236 (diff) |
sessions: stop validating against hash of user agent because chromium is sending
different agent headers for whatever reason, example:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/88.0.4324.192 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/88.0.4324.104 Safari/537.36
seems to be related, at least, to App.postOpenWindow() hack.
Diffstat (limited to 'include')
-rw-r--r-- | include/sessions.php | 21 |
1 files changed, 2 insertions, 19 deletions
diff --git a/include/sessions.php b/include/sessions.php
index cda42f52b..9044c609b 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -22,35 +22,18 @@ function validate_session() {
  if (\Config::get(\Config::SINGLE_USER_MODE)) return true;
- /* if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != \Config::get_schema_version()) {
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (schema version changed)");
- return false;
- } */
-
  $pdo = \Db::pdo();
  if (!empty($_SESSION["uid"])) {
-
- if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
- $_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
- return false;
- }
-
  $user = \ORM::for_table('ttrss_users')->find_one($_SESSION["uid"]);
  if ($user) {
  if ($user->pwd_hash != $_SESSION["pwd_hash"]) {
-
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (password changed)");
-
+ $_SESSION["login_error_msg"] = __("Session failed to validate (password changed)");
  return false;
  }
  } else {
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (user not found)");
-
+ $_SESSION["login_error_msg"] = __("Session failed to validate (user not found)");
  return false;
  }
  } |
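Review bot: With the user-agent check gone, the `pwd_hash` comparison under `if ($user)` is the only check left in this hunk that ties a stored session to the account, and it uses loose `!=`. PHP compares two numeric-looking strings numerically under `!=`, so two different values could compare equal and a password change would then fail to invalidate the session; whether stored hashes can take such a form is not visible here. A strict comparison removes the doubt: `if (!hash_equals((string) $user->pwd_hash, (string) ($_SESSION["pwd_hash"] ?? ""))) {`. Because a session is now accepted from any client, consider logging a user-agent mismatch rather than discarding the signal altogether. validate_session() starts and ends outside the hunk, so the rest of its checks are not visible in this review.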