FSN#39241 Onderste 16 bit ip-wissel altijd toestaan

svn path=/Website/branches/v2016.3/; revision=32647
2017-02-01 09:47:48 +00:00
parent 94763ac3b4
commit 0b1ad742bd
1 changed files with 3 additions and 1 deletions
--- a/APPL/Shared/Common.inc
+++ b/APPL/Shared/Common.inc
@@ -232,7 +232,9 @@ else
 if (S("sys_ip_lockmode") > 0)
 {
    var ip = String(Request.ServerVariables("REMOTE_ADDR"));
-    if (Session("last_ip") && Session("last_ip") != ip)
+    // We zijn relatief flexibel: de laatste 16 bit wijzigen staan we toe
+    // Deze bescherming tegen session hijacking is dus maar heel beperkt
+    if (Session("last_ip") && Session("last_ip") != ip && !IP.inSubnet(Session("last_ip"), ip + "/16"))
    {
        var agent = String(Request.ServerVariables("HTTP_USER_AGENT"));
        __DoLog("Unexpected ip-change from {0} to {1}\n{2}".format(Session("last_ip"), ip, agent), "#0ff");