Browser fingerprinting is a process that generates an identifier, unique to a device, from information retrieved from the browser and device a user uses to access a site.
This prevents a malicious third party from hijacking your session during a man-in-the-middle attack.
The configuration of browser fingerprinting is within
The default configuration is shown below:
<?xml version="1.0" encoding="utf-8" ?>
<system xmlns:config="http://www.jadu.co.uk/schema/config">
    <filters config:type="array">
        <!-- Empty key is GLOBAL settings. Items are checked IN ORDER. Item value is ENABLED metrics -->
        <item key="10.0">HTTP_USER_AGENT,HTTP_ACCEPT_LANGUAGE</item>
        <item key="">HTTP_USER_AGENT,HTTP_ACCEPT_LANGUAGE,HTTP_DNT,REMOTE_ADDR</item>
    </filters>
</system>
The application generates a fingerprint when a page is accessed. It then compares this fingerprint with the fingerprint stored with the session. If the fingerprint has changed, the session is destroyed to prevent a third party gaining access to another user's details.
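
The generate-and-compare check described above, applied to the default configuration, as an added Python example that is not the application's own code. It assumes a non-empty filter key is a prefix matched against REMOTE_ADDR and that the fingerprint is a SHA-256 hash of the enabled metrics; the function names are hypothetical and the request values are constructed.

```python
import hashlib
import hmac
import json
import xml.etree.ElementTree as ET

# The page's default configuration, embedded so the example runs offline.
CONFIG_XML = """<?xml version="1.0" encoding="utf-8" ?>
<system xmlns:config="http://www.jadu.co.uk/schema/config">
  <filters config:type="array">
    <item key="10.0">HTTP_USER_AGENT,HTTP_ACCEPT_LANGUAGE</item>
    <item key="">HTTP_USER_AGENT,HTTP_ACCEPT_LANGUAGE,HTTP_DNT,REMOTE_ADDR</item>
  </filters>
</system>"""

def load_filters(xml_text):
    """Return [(key, [metric, ...]), ...] in document order."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return [(item.get("key", ""), [m.strip() for m in (item.text or "").split(",")])
            for item in root.iter("item")]

def metrics_for(filters, environ):
    """First matching filter wins; the empty key is the global fallback."""
    addr = environ.get("REMOTE_ADDR", "")
    for key, metrics in filters:
        # ASSUMPTION: a non-empty key is a prefix of the client address.
        if key == "" or addr.startswith(key):
            return metrics
    raise LookupError("no filter matched and no global entry configured")

def fingerprint(filters, environ):
    """Hash the enabled metrics (SHA-256 is an assumption, not from the page)."""
    pairs = [[m, environ.get(m, "")] for m in metrics_for(filters, environ)]
    # JSON keeps name/value boundaries unambiguous before hashing.
    return hashlib.sha256(json.dumps(pairs).encode("utf-8")).hexdigest()

def session_survives(stored_fingerprint, filters, environ):
    """False means the fingerprint changed and the session must be destroyed."""
    return hmac.compare_digest(stored_fingerprint, fingerprint(filters, environ))

# Constructed sample requests (CGI-style server variables).
FILTERS = load_filters(CONFIG_XML)
BASE = {"HTTP_USER_AGENT": "ExampleBrowser/1.0", "HTTP_ACCEPT_LANGUAGE": "en-GB", "HTTP_DNT": "1"}
internal = dict(BASE, REMOTE_ADDR="10.0.4.17")
external = dict(BASE, REMOTE_ADDR="203.0.113.10")

if __name__ == "__main__":
    # Internal client changes address: REMOTE_ADDR is not an enabled metric, session kept.
    print(session_survives(fingerprint(FILTERS, internal), FILTERS, dict(internal, REMOTE_ADDR="10.0.9.3")))
    # External client changes address: REMOTE_ADDR is enabled, session destroyed.
    print(session_survives(fingerprint(FILTERS, external), FILTERS, dict(external, REMOTE_ADDR="198.51.100.7")))
```

Under these assumptions, a changed User-Agent invalidates the session for every client, while a changed address only invalidates it for clients that fall through to the global entry.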