Diffstat (limited to 'include')
-rw-r--r-- | include/config_default.inc.php | 4 | ||||
-rw-r--r-- | include/functions_session.inc.php | 7 |
2 files changed, 11 insertions, 0 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 121221c2d..b093e2bd1 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -405,6 +405,10 @@ $conf['remember_me_length'] = 5184000;
 // session_length : time of validity for normal session, in seconds.
 $conf['session_length'] = 3600;
+// session_use_ip_address: avoid session hijacking by using a part of the IP
+// address
+$conf['session_use_ip_address'] = true;
+
 // +-----------------------------------------------------------------------+
 // | debug/performance |
 // +-----------------------------------------------------------------------+
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 22bc57d50..a292a53e5 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -94,6 +94,13 @@ function pwg_session_close()
 function get_remote_addr_session_hash()
 {
+ global $conf;
+
+ if (!$conf['session_use_ip_address'])
+ {
+ return '';
+ }
+
 if (strpos($_SERVER['REMOTE_ADDR'],':')===false)
 {//ipv4
 return vsprintf( |
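Review bot: The comment added above `$conf['session_use_ip_address']` in include/config_default.inc.php states what the option is for but not what an administrator gives up by setting it to false. Judging from the second file in this commit, false makes `get_remote_addr_session_hash()` return an empty string, so the address-derived part of the session protection is presumably dropped altogether. I would extend the comment with something like `// Set to false only if clients legitimately change IP address during a session; the session is then no longer bound to the client address.` so the trade-off is visible where the option is configured.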
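Review bot: The new guard at the top of `get_remote_addr_session_hash()` in include/functions_session.inc.php fails open. If `$conf['session_use_ip_address']` is missing (for example a configuration array that never loaded the new default), `!$conf[...]` evaluates to true, PHP emits only a notice, and the function returns `''`, which silently switches off the hijacking protection. Disabling a security control should require an explicit value, e.g. `if (isset($conf['session_use_ip_address']) and !$conf['session_use_ip_address'])`. A short comment on the early return, such as `// IP binding disabled by configuration: no address component in the session key`, would also help; how callers use the empty string is not visible here, and the function body continues past the end of the hunk.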