Browser fingerprinting

Browser fingerprinting is the process of generating an identifier, unique to a device, from information retrieved from the browser and device a user uses to access a site.

Tying a session to this identifier prevents a malicious third party from hijacking your session during a man-in-the-middle attack.


Browser fingerprinting is configured in config/fingerprinting.xml.

The default configuration is shown below:

<?xml version="1.0" encoding="utf-8" ?>
<system xmlns:config="">
    <filters config:type="array">
        <!-- Empty key is GLOBAL settings. Items are checked IN ORDER. Item value is ENABLED metrics -->
        <item key="10.0">HTTP_USER_AGENT,HTTP_ACCEPT_LANGUAGE</item>
    </filters>
</system>

Session interactions

The application generates a fingerprint when a page is accessed. It then compares this fingerprint with the fingerprint stored with the session. If the fingerprint has changed, the session is destroyed to prevent a third party from gaining access to another user's details.
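
The check described above, written in Python as an added example (not the application's own code). It assumes WSGI-style header names, that a non-empty item key is a dotted prefix of the client address, and that the fingerprint is an HMAC-SHA256 of the enabled metrics; the page specifies none of these, and `enabled_metrics`, `fingerprint` and `check_session` are hypothetical names.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample in the shape of config/fingerprinting.xml. The namespace
# URI is a placeholder and the empty-key (global) item is an assumption.
SAMPLE_CONFIG = """<system xmlns:config="urn:example:config">
    <filters config:type="array">
        <item key="10.0">HTTP_USER_AGENT,HTTP_ACCEPT_LANGUAGE</item>
        <item key="">HTTP_USER_AGENT</item>
    </filters>
</system>"""


def enabled_metrics(config_xml, client_addr):
    """Return the metrics of the first matching item, checked in file order."""
    for item in ET.fromstring(config_xml).iter("item"):
        key = item.get("key", "")
        # Assumption: a non-empty key is a dotted prefix of the client address.
        if key == "" or client_addr == key or client_addr.startswith(key + "."):
            return [m.strip() for m in (item.text or "").split(",") if m.strip()]
    return []


def fingerprint(environ, metrics, secret):
    """HMAC-SHA256 over the enabled metrics; a missing header counts as empty."""
    material = "\n".join(f"{m}={environ.get(m, '')}" for m in metrics)
    return hmac.new(secret, material.encode("utf-8"), hashlib.sha256).hexdigest()


def check_session(session, environ, config_xml, secret):
    """Store the fingerprint on first use; destroy the session if it changes."""
    metrics = enabled_metrics(config_xml, environ.get("REMOTE_ADDR", ""))
    current = fingerprint(environ, metrics, secret)
    stored = session.setdefault("fingerprint", current)
    if not hmac.compare_digest(stored, current):
        session.clear()  # drop all session data, fingerprint included
        return False
    return True
```

Both default metrics are request headers supplied by the client, so this check flags a changed client; it does not replace TLS or secure cookie settings.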
