How can I use fingerprint?

https://getkirby.com/changelog/kirby-2-4-1

I use Kirby 2.4.1.

It says:

Allow custom session fingerprinting to avoid session invalidation in environments, where IP addresses or User Agents change often.

My environment changes IPs often. That’s why I tried to add this to my config.php.

s::$fingerprint = function() {
  return 'custom fingerprint';
}

It did not work. It says:

Parse error: syntax error, unexpected end of file in C:\xampp\htdocs\lanera.se\config\config.php

Full config.php code:

<?php
c::set('license', 'that_is_my_secret');

s::$fingerprint = function() {
  return 'jens fingerprint';
}

A few questions about it

  1. How does fingerprint work? Does it force a session somehow that never dies?
  2. What am I doing wrong in the above?

How about adding a semicolon at the end?

s::$fingerprint = function() {
  return 'jens fingerprint';
};

Ahh, it was just a typo. Thanks! :slight_smile:

I added a fix for it here: https://github.com/getkirby/getkirby.com/compare/master...jenstornell:patch-1

Now I just want to know what it does:

  • Does it force a session somehow that never dies? Or add a persistent cookie, or something else? Is some kind of handshake made?
  • Is security compromised by this?

The fingerprint is stored in the session. When the session is started, the fingerprint is checked, and if the current fingerprint is not the same as the one stored in the session, the session is destroyed.

You can test this:

  • Set your fingerprint in config.php
  • Log into Panel
  • Remove your fingerprint from config.php
  • Reload. You are logged out from Panel

I’m also curious about this. Could the fingerprint be a dynamic value from the user object, for example? Or is it meant to be a single value for every session?

The user-defined fingerprint is a callable; you should be able to generate any value you want, not only a static string.
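
Added example, not part of the thread and not Kirby's own code: a simplified PHP model of the check described above (fingerprint stored in the session, compared on each start, session destroyed on mismatch), run with a static fingerprint and with one derived from the User-Agent. The function names, the sample requests and the choice of the User-Agent header are assumptions made for illustration.

```php
<?php
// Simplified model of the fingerprint check described in the thread (not Kirby's code).

// Dynamic fingerprint: ignores the IP address, binds the session to the User-Agent.
function uaFingerprint(array $server) {
  return sha1(isset($server['HTTP_USER_AGENT']) ? $server['HTTP_USER_AGENT'] : '');
}

// Static fingerprint as posted in the thread: the same value for every client.
function staticFingerprint(array $server) {
  return 'jens fingerprint';
}

// Compare the stored fingerprint with the current one; empty the session on mismatch.
// Returns true if the session survives the request.
function checkSession(array &$session, callable $fingerprint, array $server) {
  $current = $fingerprint($server);
  if (!isset($session['fingerprint'])) {
    $session['fingerprint'] = $current; // first request: store it in the session
    return true;
  }
  if (!hash_equals($session['fingerprint'], $current)) {
    $session = array();                 // mismatch: session is destroyed
    return false;
  }
  return true;
}

// Constructed sample requests (documentation IP ranges, made-up User-Agents).
$login   = array('REMOTE_ADDR' => '192.0.2.10',   'HTTP_USER_AGENT' => 'ExampleBrowser/1.0');
$newIp   = array('REMOTE_ADDR' => '198.51.100.7', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0');
$otherUa = array('REMOTE_ADDR' => '203.0.113.5',  'HTTP_USER_AGENT' => 'OtherClient/2.0');
$later   = array('same client, new IP' => $newIp, 'different client' => $otherUa);

foreach (array('uaFingerprint', 'staticFingerprint') as $fn) {
  foreach ($later as $label => $request) {
    $session = array('user' => 'jens');
    checkSession($session, $fn, $login);           // login stores the fingerprint
    $kept = checkSession($session, $fn, $request); // later request, same session cookie
    printf("%-18s %-20s session %s\n", $fn, $label, $kept ? 'kept' : 'destroyed');
  }
}

// The config.php form of the dynamic variant would be:
// s::$fingerprint = function() { return uaFingerprint($_SERVER); };
```

With the static string the comparison passes for every request, so the fingerprint no longer ties a session to a particular client; the User-Agent variant survives IP changes but still ends the session when the client differs.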