authorplegall <plg@piwigo.org>2012-11-01 09:18:03 +0000
committerplegall <plg@piwigo.org>2012-11-01 09:18:03 +0000
commit200f22e82bbea3291a197c2a0058cfc7fbb59676 (patch)
tree903772f56bb692851ca7a814472a6179c3871529
parenta715d83cad37fdaaf0bcae68bcfb6873f530e773 (diff)
feature 2783: ability to disable ip address in the session id
git-svn-id: http://piwigo.org/svn/trunk@18850 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--include/config_default.inc.php4
-rw-r--r--include/functions_session.inc.php7
2 files changed, 11 insertions, 0 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 121221c2d..b093e2bd1 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -405,6 +405,10 @@ $conf['remember_me_length'] = 5184000;
// session_length : time of validity for normal session, in seconds.
$conf['session_length'] = 3600;
+// session_use_ip_address: avoid session hijacking by using a part of the IP
+// address
+$conf['session_use_ip_address'] = true;
+
// +-----------------------------------------------------------------------+
// | debug/performance |
// +-----------------------------------------------------------------------+
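Review bot: The comment added above `$conf['session_use_ip_address']` does not say what an administrator gives up by setting it to false, or when doing so is reasonable. In the second file of this commit, `get_remote_addr_session_hash()` returns `''` when the option is off, so the address presumably no longer contributes to the session id. That function reads `$_SERVER['REMOTE_ADDR']`, so behind a reverse proxy the check likely sees only the proxy address; that is worth stating too. I would expand the comment to something like `// session_use_ip_address: bind the session id to a part of the client IP address`, `// (REMOTE_ADDR) so a stolen session id is harder to reuse from another network.`, `// Set to false only if visitors' addresses change mid-session; the binding is then skipped.`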
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 22bc57d50..a292a53e5 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -94,6 +94,13 @@ function pwg_session_close()
function get_remote_addr_session_hash()
{
+ global $conf;
+
+ if (!$conf['session_use_ip_address'])
+ {
+ return '';
+ }
+
if (strpos($_SERVER['REMOTE_ADDR'],':')===false)
{//ipv4
return vsprintf(