From 0b1ad742bd96d9b5c88283ab5be088a3ac0870e0 Mon Sep 17 00:00:00 2001
From: Jos Groot Lipman
Date: Wed, 1 Feb 2017 09:47:48 +0000
Subject: [PATCH] FSN#39241 Onderste 16 bit ip-wissel altijd toestaan

svn path=/Website/branches/v2016.3/; revision=32647
---
 APPL/Shared/Common.inc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/APPL/Shared/Common.inc b/APPL/Shared/Common.inc
index bfd2df7a76..1b8e8462e0 100644
--- a/APPL/Shared/Common.inc
+++ b/APPL/Shared/Common.inc
@@ -232,7 +232,9 @@
 else if (S("sys_ip_lockmode") > 0)
 {
 var ip = String(Request.ServerVariables("REMOTE_ADDR"));
- if (Session("last_ip") && Session("last_ip") != ip)
+ // We zijn relatief flexibel: de laatste 16 bit wijzigen staan we toe
+ // Deze bescherming tegen session hijacking is dus maar heel beperkt
+ if (Session("last_ip") && Session("last_ip") != ip && !IP.inSubnet(Session("last_ip"), ip + "/16"))
 {
 var agent = String(Request.ServerVariables("HTTP_USER_AGENT"));
 __DoLog("Unexpected ip-change from {0} to {1}\n{2}".format(Session("last_ip"), ip, agent), "#0ff");
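Review bot: The added `!IP.inSubnet(Session("last_ip"), ip + "/16")` clause on the new `if` line silently accepts every address change inside the /16, so a session that moves to a nearby address no longer produces the `__DoLog` entry the strict check used to write; since the comment itself acknowledges the hijacking protection is now very limited, the tolerated change should at least stay visible, e.g. an `else` branch with `__DoLog("Tolerated ip-change within /16 from {0} to {1}".format(Session("last_ip"), ip), "#0ff");`. If `IP.inSubnet` also accepts IPv6 addresses (its semantics are not shown here), a /16 prefix is far wider than the "laatste 16 bit" the comment describes, which is worth confirming or guarding by address family. The `sys_ip_lockmode` value is only tested for `> 0`, so the relaxation applies to every lock mode rather than only a lenient one; if the setting has levels, consider keying the /16 tolerance to them. The body of the new `if` and the enclosing `else if` block continue past the hunk.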