From 03fadc64478af584af7da765db185556b5e93a31 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Thu, 15 Jan 2026 13:21:24 -0600
Subject: Remove unused, sensitive data.

We were not using this data, stored in the session. It is sensitive
data, therefore, we avoid collecting it in the first place.
---
 uploader/session.py | 5 -----
 1 file changed, 5 deletions(-)

(limited to 'uploader/session.py')

diff --git a/uploader/session.py b/uploader/session.py
index 9cb305b..1dcf8ac 100644
--- a/uploader/session.py
+++ b/uploader/session.py
@@ -25,8 +25,6 @@ class SessionInfo(TypedDict):
     session_id: UUID
     user: UserDetails
     anon_id: UUID
-    user_agent: str
-    ip_addr: str
     masquerade: Optional[UserDetails]
     auth_server_jwks: Optional[dict[str, Any]]
 
@@ -69,9 +67,6 @@ def session_info() -> SessionInfo:
                 "logged_in": False
             },
             "anon_id": anon_id,
-            "user_agent": request.headers.get("User-Agent"),
-            "ip_addr": request.environ.get("HTTP_X_FORWARDED_FOR",
-                                           request.remote_addr),
             "masquerading": None
         }))
 
-- 
cgit 1.4.1