diff options
Diffstat (limited to 'include/auth.php')
| -rw-r--r-- | include/auth.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/include/auth.php b/include/auth.php index 1341f3bb8..cba6a67a7 100644 --- a/include/auth.php +++ b/include/auth.php @@ -11,6 +11,13 @@ function nuke_session() { unset($_SESSION['cid']); unset($_SESSION['theme']); unset($_SESSION['page_flags']); + unset($_SESSION['submanage']); + unset($_SESSION['my_url']); + unset($_SESSION['my_address']); + unset($_SESSION['addr']); + unset($_SESSION['return_url']); + unset($_SESSION['theme']); + unset($_SESSION['page_flags']); } @@ -46,6 +53,8 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p $check = get_config('system','paranoia'); // extra paranoia - if the IP changed, log them out if($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) { + logger('Session address changed. Paranoid setting in effect, blocking session. ' + . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); nuke_session(); goaway(z_root()); } |