diff options
| author | Andreas Gohr <gohr@cosmocode.de> | 2012-10-18 16:20:28 +0200 |
|---|---|---|
| committer | Andreas Gohr <gohr@cosmocode.de> | 2012-10-18 16:20:28 +0200 |
| commit | 80b4f3761dd43d240253888985ae74cb16ef6200 (patch) | |
| tree | c046705f68d056ec9b62408529e1756419ffb127 | |
| parent | 88f7f7c824ef0874407c3bb12c116069c9039d8e (diff) | |
| download | rpg-80b4f3761dd43d240253888985ae74cb16ef6200.tar.gz rpg-80b4f3761dd43d240253888985ae74cb16ef6200.tar.bz2 | |
avoid broken browser_uid on IE
Internet Explorer 8 (and maybe others) seem to use different
capitalization in the ACCEPT_CHARSET header between "normal" requests
and AJAX requests. This causes a browser UID mismatch and thus an
unecessary reauthentication.
| -rw-r--r-- | inc/auth.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/inc/auth.php b/inc/auth.php index 99adfa791..1c8a8f5f5 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -299,7 +299,7 @@ function auth_createToken() { * * This is neither unique nor unfakable - still it adds some * security. Using the first part of the IP makes sure - * proxy farms like AOLs are stil okay. + * proxy farms like AOLs are still okay. * * @author Andreas Gohr <andi@splitbrain.org> * @@ -313,6 +313,7 @@ function auth_browseruid() { $uid .= $_SERVER['HTTP_ACCEPT_LANGUAGE']; $uid .= $_SERVER['HTTP_ACCEPT_CHARSET']; $uid .= substr($ip, 0, strpos($ip, '.')); + $uid = strtolower($uid); return md5($uid); } |