FSN#37537 PENTEST PINE 4.7.15: External session hijacking voorkomen

svn path=/Website/trunk/; revision=31763

APPL/Shared/Common.inc

@@ -232,10 +232,11 @@ else
 if (S("sys_ip_lockmode") > 0)
 {
     var ip = String(Request.ServerVariables("REMOTE_ADDR"));
-    if (Session("last_ip") != ip)
+    if (Session("last_ip") && Session("last_ip") != ip)
     {
         __DoLog("Unexpected ip-change from {0} to {1}".format(Session("last_ip"), ip), "#0ff");
         // Simuleer logoff
+        Session.Contents.Remove("last_ip");
         Session("user_key")=user_key=-1; // geen remove hier, anders grijpt SSO direct weer in
     }
 }