aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/config_default.inc.php4
-rw-r--r--include/functions_session.inc.php7
2 files changed, 11 insertions, 0 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 121221c2d..b093e2bd1 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -405,6 +405,10 @@ $conf['remember_me_length'] = 5184000;
// session_length : time of validity for normal session, in seconds.
$conf['session_length'] = 3600;
+// session_use_ip_address: avoid session hijacking by using a part of the IP
+// address
+$conf['session_use_ip_address'] = true;
+
// +-----------------------------------------------------------------------+
// | debug/performance |
// +-----------------------------------------------------------------------+
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 22bc57d50..a292a53e5 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -94,6 +94,13 @@ function pwg_session_close()
function get_remote_addr_session_hash()
{
+ global $conf;
+
+ if (!$conf['session_use_ip_address'])
+ {
+ return '';
+ }
+
if (strpos($_SERVER['REMOTE_ADDR'],':')===false)
{//ipv4
return vsprintf(