Merge pull request #1182 from ArthurHoaro/feature/session-protection-stay-login

[github/shaarli/Shaarli.git] / application / security / LoginManager.php

diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
index d6784d6da6424e266a21702b7f0686746e91fe20..1ff3d0be84ad89bbdd9bec265569b53d3eef43cc 100644 (file)
--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -58,6 +58,9 @@ class LoginManager
      */
     public function generateStaySignedInToken($clientIpAddress)
     {
+        if ($this->configManager->get('security.session_protection_disabled') === true) {
+            $clientIpAddress = '';
+        }
         $this->staySignedInToken = sha1(
             $this->configManager->get('credentials.hash')
             . $clientIpAddress
@@ -95,7 +98,6 @@ class LoginManager
             // The user client has a valid stay-signed-in cookie
             // Session information is updated with the current client information
             $this->sessionManager->storeLoginInfo($clientIpId);
-
         } elseif ($this->sessionManager->hasSessionExpired()
             || $this->sessionManager->hasClientIpChanged($clientIpId)
         ) {