diff --git a/APPL/Shared/Common.inc b/APPL/Shared/Common.inc
index bfd2df7a76..1b8e8462e0 100644
--- a/APPL/Shared/Common.inc
+++ b/APPL/Shared/Common.inc
@@ -232,7 +232,9 @@
 else if (S("sys_ip_lockmode") > 0)
 {
 var ip = String(Request.ServerVariables("REMOTE_ADDR"));
-if (Session("last_ip") && Session("last_ip") != ip)
+// We zijn relatief flexibel: de laatste 16 bit wijzigen staan we toe
+// Deze bescherming tegen session hijacking is dus maar heel beperkt
+if (Session("last_ip") && Session("last_ip") != ip && !IP.inSubnet(Session("last_ip"), ip + "/16"))
 {
 var agent = String(Request.ServerVariables("HTTP_USER_AGENT"));
 __DoLog("Unexpected ip-change from {0} to {1}\n{2}".format(Session("last_ip"), ip, agent), "#0ff");
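Review bot: The widened condition on the `if` line means an address change that stays inside the /16 is now neither rejected nor logged, so the one place that recorded a possible hijack loses visibility for exactly the cases the new comment admits are no longer blocked; consider keeping a trace of tolerated changes, e.g. `else if (Session("last_ip") && Session("last_ip") != ip) __DoLog("Tolerated ip-change within /16 from {0} to {1}".format(Session("last_ip"), ip), "#0ff");` so the move can still be correlated later. The "/16" tolerance is also hard-coded although the check is already gated on a numeric `sys_ip_lockmode`; if that setting is meant to express strictness levels, deriving the prefix length from it (and documenting that in the comment) would be clearer than a fixed constant. If REMOTE_ADDR can ever be an IPv6 literal, a /16 prefix covers a far larger range than on IPv4 and it is not visible here how `IP.inSubnet` handles that input, so a guard or a test for the v6 case seems worthwhile. The enclosing `else if (S("sys_ip_lockmode") > 0)` block continues past the end of the hunk.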