How can I use fingerprint?

https://getkirby.com/changelog/kirby-2-4-1
https://getkirby.com/search?q=fingerprint - In the future maybe. :stuck_out_tongue:

I use Kirby 2.4.1.

It says:

Allow custom session fingerprinting to avoid session invalidation in environments, where IP addresses or User Agents change often.

My enviroment changes IP:s often. That’s why I tried to add this to my config.php.

s::$fingerprint = function() {
  return 'custom fingerprint';
}

It did not work. It says:

Parse error: syntax error, unexpected end of file in C:\xampp\htdocs\lanera.se\config\config.php

Full config.php code:

<?php
c::set('license', 'that_is_my_secret');

s::$fingerprint = function() {
  return 'jens fingerprint';
}

A few questions about it

  1. How does fingerprint work? Does it force a session somehow that never dies?
  2. What am I doing wrong in the above.
2 Likes

How about adding a semicolon at the end?

s::$fingerprint = function() {
  return 'jens fingerprint';
};
1 Like

Ahh, it was just a typo. Thanks! :slight_smile:

I added a fix for it here: https://github.com/getkirby/getkirby.com/compare/master...jenstornell:patch-1

Now I just want to know what it does:

  • Does it force a session somehow that never dies? Or add a persistent cookie, or something else? Is it some kind of handshake made?
  • Is security compromised by this?

The fingerprint is stored in the session. When the session is started, the fingerprint is checked, and if the current fingerprint is not the same as the one stored in the session, the session is destroyed.

You can test this:

  • Set your fingerprint in config.php
  • Log into Panel
  • Remove your fingerprint from config.php
  • Reload. You are logged out from Panel
2 Likes

I’m also curious about this, could the fingerprint be a dynamic value from the user object, for example? Or is it meant to be a single value for every session?

The user defined fingerprint is a callable, you should be able to generate any value you want, not only a static string.