From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 16 Oct 2018 09:12:07 +0000 (+0300)
Subject: remove session REMOTE_ADDR checks
X-Git-Tag: 18.12~53
X-Git-Url: https://git.wh0rd.org/?p=tt-rss.git;a=commitdiff_plain;h=d246fb9fe1f18eb98037758f1b7369b34258fbf7

remove session REMOTE_ADDR checks
---

diff --git a/include/sessions.php b/include/sessions.php
index b79988d9..5584c25b 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -49,15 +49,8 @@
 
 		if ($_SESSION["uid"]) {
 
-			if (!defined('_SKIP_SESSION_ADDRESS_CHECKS') || !_SKIP_SESSION_ADDRESS_CHECKS) {
-				if ($_SESSION["ip_address"] != $_SERVER["REMOTE_ADDR"]) {
-					$_SESSION["login_error_msg"] = __("Session failed to validate.");
-					return false;
-				}
-			}
-
 			if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
-				$_SESSION["login_error_msg"] = __("Session failed to validate.");
+				$_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
 				return false;
 			}