X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=include%2Fsessions.php;h=5584c25bdbff3fd3ea446069c2a1e60d30f9bad9;hb=d246fb9fe1f18eb98037758f1b7369b34258fbf7;hp=c80c21de3a24cc6314f4fe8164c0313363f29cfb;hpb=f70d456a5bc509e56991195a2f003cf2714d0e13;p=tt-rss.git
diff --git a/include/sessions.php b/include/sessions.php
index c80c21de..5584c25b 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -13,7 +13,6 @@
 $session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
 if (is_server_https()) {
- $session_name .= "_ssl";
 ini_set("session.cookie_secure", true);
 }
@@ -49,6 +48,12 @@
 $pdo = Db::pdo();
 if ($_SESSION["uid"]) {
+
+ if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
+ $_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
+ return false;
+ }
+
 $sth = $pdo->prepare("SELECT pwd_hash FROM ttrss_users WHERE id = ?");
 $sth->execute([$_SESSION['uid']]);
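Review bot: The added User-Agent check in the second hunk compares two hex digests with loose `!=` and reads `$_SESSION["user_agent"]` and `$_SERVER['HTTP_USER_AGENT']` without checking that either is set. Loose comparison treats numeric-looking strings such as `0e…` digests as numbers, and a request that sends no User-Agent header raises an undefined-index notice here; `if (($_SESSION["user_agent"] ?? '') !== sha1($_SERVER['HTTP_USER_AGENT'] ?? '')) {` avoids both while still rejecting a session that has no stored value. The code that stores `$_SESSION["user_agent"]` at login is not in this diff, so sessions created before the upgrade presumably lack the key and will be rejected with this message; it is worth confirming that is intended. Because the header is client-supplied, this is a consistency check and not evidence that the session cookie was not copied, and a one-line comment above the `if` saying so would keep later readers from relying on it as a binding. The enclosing function starts and ends outside the hunk.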