diff options
| author | ArthurHoaro <arthur@hoa.ro> | 2018-07-17 14:13:37 +0200 |
|---|---|---|
| committer | ArthurHoaro <arthur@hoa.ro> | 2018-07-17 14:13:37 +0200 |
| commit | d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e (patch) | |
| tree | 5be107b1b06cc9fbaeec32679474816d6469748e /application/security | |
| parent | 5d32c50ad70a659a6c86b80fa65d7ec41e045b1e (diff) | |
| download | Shaarli-d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e.tar.gz Shaarli-d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e.tar.zst Shaarli-d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e.zip | |
Do not check the IP address with session protection disabled
This allows the user to stay logged in if his IP changes.
Fixes #1106
Diffstat (limited to 'application/security')
| -rw-r--r-- | application/security/LoginManager.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index d6784d6d..5a58926d 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php | |||
| @@ -58,6 +58,9 @@ class LoginManager | |||
| 58 | */ | 58 | */ |
| 59 | public function generateStaySignedInToken($clientIpAddress) | 59 | public function generateStaySignedInToken($clientIpAddress) |
| 60 | { | 60 | { |
| 61 | if ($this->configManager->get('security.session_protection_disabled') === true) { | ||
| 62 | $clientIpAddress = ''; | ||
| 63 | } | ||
| 61 | $this->staySignedInToken = sha1( | 64 | $this->staySignedInToken = sha1( |
| 62 | $this->configManager->get('credentials.hash') | 65 | $this->configManager->get('credentials.hash') |
| 63 | . $clientIpAddress | 66 | . $clientIpAddress |