diff --git a/functions.php b/functions.php index 7415f63e9..825b19831 100644 --- a/functions.php +++ b/functions.php @@ -873,7 +873,7 @@ } function validate_session($link) { - if (SESSION_CHECK_ADDRESS && !DATABASE_BACKED_SESSIONS && $_SESSION["uid"]) { + if (SESSION_CHECK_ADDRESS && $_SESSION["uid"]) { if ($_SESSION["ip_address"]) { if ($_SESSION["ip_address"] != $_SERVER["REMOTE_ADDR"]) { return false; diff --git a/schema/ttrss_schema_mysql.sql b/schema/ttrss_schema_mysql.sql index 7f96362b8..cb616f333 100644 --- a/schema/ttrss_schema_mysql.sql +++ b/schema/ttrss_schema_mysql.sql @@ -263,7 +263,6 @@ create table ttrss_scheduled_updates (id integer not null primary key auto_incre create table ttrss_sessions (id varchar(250) unique not null primary key, data text, expire integer not null, - ip_address varchar(15) not null default '', index (id), index (expire)) TYPE=InnoDB; diff --git a/schema/ttrss_schema_pgsql.sql b/schema/ttrss_schema_pgsql.sql index 82c5506a6..c9dfe0205 100644 --- a/schema/ttrss_schema_pgsql.sql +++ b/schema/ttrss_schema_pgsql.sql @@ -239,8 +239,7 @@ create table ttrss_scheduled_updates (id serial not null primary key, create table ttrss_sessions (id varchar(250) unique not null primary key, data text, - expire integer not null, - ip_address varchar(15) not null default ''); + expire integer not null); create index ttrss_sessions_expire_index on ttrss_sessions(expire); diff --git a/sessions.php b/sessions.php index 5b4da3a89..ae7e3ccdb 100644 --- a/sessions.php +++ b/sessions.php @@ -23,12 +23,6 @@ global $session_connection,$session_read; - $ip_address = $_SERVER["REMOTE_ADDR"]; - - if (SESSION_CHECK_ADDRESS) { - $address_check_qpart = " AND ip_address = '$ip_address'"; - } - $query = "SELECT data FROM ttrss_sessions WHERE id='$id' $address_check_qpart"; $res = db_query($session_connection, $query); @@ -54,18 +48,12 @@ $data = db_escape_string(base64_encode($data), $session_connection); - $ip_address = $_SERVER["REMOTE_ADDR"]; - - if (SESSION_CHECK_ADDRESS) { - $address_check_qpart = " AND ip_address = '$ip_address'"; - } - if ($session_read) { $query = "UPDATE ttrss_sessions SET data='$data', expire='$expire' WHERE id='$id' $address_check_qpart"; } else { - $query = "INSERT INTO ttrss_sessions (id, data, expire, ip_address) - VALUES ('$id', '$data', '$expire', '$ip_address')"; + $query = "INSERT INTO ttrss_sessions (id, data, expire) + VALUES ('$id', '$data', '$expire')"; } db_query($session_connection, $query); @@ -85,12 +73,6 @@ global $session_connection; - $ip_address = $_SERVER["REMOTE_ADDR"]; - - if (SESSION_CHECK_ADDRESS) { - $address_check_qpart = " AND ip_address = '$ip_address'"; - } - $query = "DELETE FROM ttrss_sessions WHERE id = '$id' $address_check_qpart"; db_query($session_connection, $query);