remove session REMOTE_ADDR checks

author Andrew Dolgov <noreply@fakecake.org>

Tue, 16 Oct 2018 09:12:07 +0000 (12:12 +0300)

committer Andrew Dolgov <noreply@fakecake.org>

Tue, 16 Oct 2018 09:12:07 +0000 (12:12 +0300)
author Andrew Dolgov <noreply@fakecake.org>
Tue, 16 Oct 2018 09:12:07 +0000 (12:12 +0300)
committer Andrew Dolgov <noreply@fakecake.org>
Tue, 16 Oct 2018 09:12:07 +0000 (12:12 +0300)
diff --git a/include/sessions.php b/include/sessions.php

index b79988d987d2d033b6016694a6c9b49adb836923..5584c25bdbff3fd3ea446069c2a1e60d30f9bad9 100644 (file)
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -49,15 +49,8 @@
  
                 if ($_SESSION["uid"]) {
  
-                       if (!defined('_SKIP_SESSION_ADDRESS_CHECKS') || !_SKIP_SESSION_ADDRESS_CHECKS) {
-                               if ($_SESSION["ip_address"] != $_SERVER["REMOTE_ADDR"]) {
-                                       $_SESSION["login_error_msg"] = __("Session failed to validate.");
-                                       return false;
-                               }
-                       }
-
                         if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
-                               $_SESSION["login_error_msg"] = __("Session failed to validate.");
+                               $_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
                                 return false;
                         }
author	Andrew Dolgov <noreply@fakecake.org>
	Tue, 16 Oct 2018 09:12:07 +0000 (12:12 +0300)
committer	Andrew Dolgov <noreply@fakecake.org>
	Tue, 16 Oct 2018 09:12:07 +0000 (12:12 +0300)