From d246fb9fe1f18eb98037758f1b7369b34258fbf7 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 16 Oct 2018 12:12:07 +0300 Subject: [PATCH] remove session REMOTE_ADDR checks --- include/sessions.php | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/include/sessions.php b/include/sessions.php index b79988d9..5584c25b 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -49,15 +49,8 @@ if ($_SESSION["uid"]) { - if (!defined('_SKIP_SESSION_ADDRESS_CHECKS') || !_SKIP_SESSION_ADDRESS_CHECKS) { - if ($_SESSION["ip_address"] != $_SERVER["REMOTE_ADDR"]) { - $_SESSION["login_error_msg"] = __("Session failed to validate."); - return false; - } - } - if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) { - $_SESSION["login_error_msg"] = __("Session failed to validate."); + $_SESSION["login_error_msg"] = __("Session failed to validate (UA changed)."); return false; } -- 2.39.5