MyShaarli/tests/security
VirtualTam ebf6151738 SessionManager: remove unused UID token
There already are dedicated tokens for:
- CSRF protection
- user stay-signed-in feature, via cookie

This token was most likely intended as a randomly generated,
server-side, secret key to be used when generating hashes.

See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]

Relevant section:

  Une clé secrète unique aléatoire est générée côté serveur (et jamais
  envoyée). Elle peut servir pour signer les formulaires (HMAC) ou
  générer des token de formulaires (protection contre XSRF).
  Voir $_SESSION['uid'].

Translation:

  A unique, server-side secret key is randomly generated (and never
  transmitted). It can be used to sign forms (HMAC) or generate form
  tokens (protection against XSRF).
  See $_SESSION['uid']

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
..
LoginManagerTest.php Refactor LoginManager stay-signed-in token management 2018-06-02 16:46:06 +02:00
SessionManagerTest.php SessionManager: remove unused UID token 2018-06-02 16:46:06 +02:00