| /trunk/includes/classes/OIDplusSessionHandler.class.php |
|---|
| 69,7 → 69,12 |
| } else { |
| if ($_SERVER['REMOTE_ADDR'] != $_SESSION['ip']) { |
| // Was the session hijacked?! Get out of here! |
| $this->destroySession(); |
| // We don't use $this->destroySession(), because this calls sessionSafeStart() again |
| $_SESSION = array(); |
| session_destroy(); |
| session_write_close(); |
| setcookie(session_name(), "", time()-3600, ini_get('session.cookie_path')); // remove cookie, so GDPR people are happy |
| } |
| } |
| } |