Browser fingerprinting

Browser fingerprinting is a process by which an identifier is generated from information retrieved from the browser and device a user uses to access a site, that is unique to that device.

This prevents a malicious third party from being able to hijack your session during a man in the middle attack.

Configuration

The configuration of browser fingerprinting is within config/fingerprinting.xml.

The default configuration is shown below:

    <?xml version="1.0" encoding="utf-8" ?>
    <system xmlns:config="http://www.jadu.co.uk/schema/config">
        <filters config:type="array">
            <!-- Empty key is GLOBAL settings. Items are checked IN ORDER. Item value is ENABLED metrics -->
            <item key="10.0">HTTP_USER_AGENT,HTTP_ACCEPT_LANGUAGE</item>
            <item key="">HTTP_USER_AGENT,HTTP_ACCEPT_LANGUAGE,HTTP_DNT,REMOTE_ADDR</item>
        </filters>
    </system>

Session interactions

The application generates a fingerprint when a page is accessed. It then compares this fingerprint with the fingerprint stored with the session. If the fingerprint has changed, the session is destroyed to prevent a third party gaining access to another user's details.

Configuration​

Session interactions​

Configuration

Session interactions