sessions: stop validating against hash of user agent because chromium is sending

different agent headers for whatever reason, example: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36 seems to be related, at least, to App.postOpenWindow() hack.
2025-12-13 03:15:56 +00:00 · 2021-03-05 12:27:23 +03:00
parent 98c75a9e43
commit fe06416f17
2 changed files with 2 additions and 20 deletions
--- a/classes/userhelper.php
+++ b/classes/userhelper.php
@@ -48,7 +48,6 @@ class UserHelper {
 					$_SESSION["access_level"] = $user->access_level;
 					$_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));
 					$_SESSION["ip_address"] = UserHelper::get_user_ip();
-					$_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']);
 					$_SESSION["pwd_hash"] = $user->pwd_hash;

 					$user->last_login = Db::NOW();