Changeset 18850


Ignore:
Timestamp:
Nov 1, 2012, 10:18:03 AM (11 years ago)
Author:
plg
Message:

feature 2783: ability to disable ip address in the session id

Location:
trunk/include
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/include/config_default.inc.php

    r18637 r18850  
    405405// session_length : time of validity for normal session, in seconds.
    406406$conf['session_length'] = 3600;
     407
     408// session_use_ip_address: avoid session hijacking by using a part of the IP
     409// address
     410$conf['session_use_ip_address'] = true;
    407411
    408412// +-----------------------------------------------------------------------+

  • trunk/include/functions_session.inc.php

    r12922 r18850  
    9595function get_remote_addr_session_hash()
    9696{
     97  global $conf;
     98
     99  if (!$conf['session_use_ip_address'])
     100  {
     101    return '';
     102  }
     103 
    97104  if (strpos($_SERVER['REMOTE_ADDR'],':')===false)
    98105  {//ipv4
Note: See TracChangeset for help on using the changeset viewer.