feature 2783: ability to disable ip address in the session id

git-svn-id: http://piwigo.org/svn/trunk@18850 68402e56-0260-453c-a942-63ccdbb3a9ee
author: plegall <plg@piwigo.org> 2012-11-01 09:18:03 +0000
committer: plegall <plg@piwigo.org> 2012-11-01 09:18:03 +0000
commit: 200f22e82bbea3291a197c2a0058cfc7fbb59676 (patch)
tree: 903772f56bb692851ca7a814472a6179c3871529
parent: a715d83cad37fdaaf0bcae68bcfb6873f530e773 (diff)
2 files changed, 11 insertions, 0 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 121221c2d..b093e2bd1 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -405,6 +405,10 @@ $conf['remember_me_length'] = 5184000;
 // session_length : time of validity for normal session, in seconds.
 $conf['session_length'] = 3600;
 
+// session_use_ip_address: avoid session hijacking by using a part of the IP
+// address
+$conf['session_use_ip_address'] = true;
+
 // +-----------------------------------------------------------------------+
 // |                            debug/performance                          |
 // +-----------------------------------------------------------------------+
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 22bc57d50..a292a53e5 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -94,6 +94,13 @@ function pwg_session_close()
 
 function get_remote_addr_session_hash()
 {
+  global $conf;
+
+  if (!$conf['session_use_ip_address'])
+  {
+    return '';
+  }
+  
   if (strpos($_SERVER['REMOTE_ADDR'],':')===false)
   {//ipv4
     return vsprintf(
author	plegall <plg@piwigo.org>	2012-11-01 09:18:03 +0000
committer	plegall <plg@piwigo.org>	2012-11-01 09:18:03 +0000
commit	200f22e82bbea3291a197c2a0058cfc7fbb59676 (patch)
tree	903772f56bb692851ca7a814472a6179c3871529
parent	a715d83cad37fdaaf0bcae68bcfb6873f530e773 (diff)