valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remove session REMOTE_ADDR checks

This commit is contained in:
Andrew Dolgov 2018-10-16 12:12:07 +03:00
parent f8fc1ac543
commit d246fb9fe1
1 changed files with 1 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
include/sessions.php
View File

@ -49,15 +49,8 @@
if ($_SESSION["uid"]) { if ($_SESSION["uid"]) {
if (!defined('_SKIP_SESSION_ADDRESS_CHECKS') || !_SKIP_SESSION_ADDRESS_CHECKS) {
if ($_SESSION["ip_address"] != $_SERVER["REMOTE_ADDR"]) {
$_SESSION["login_error_msg"] = __("Session failed to validate.");
return false;
}
}
if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) { if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
$_SESSION["login_error_msg"] = __("Session failed to validate."); $_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
return false; return false;
} }