validate_session: check for user agent

author: Andrew Dolgov <fox@madoka.volgo-balt.ru> 2013-04-01 18:22:07 +0400
committer: Andrew Dolgov <fox@madoka.volgo-balt.ru> 2013-04-01 18:22:07 +0400
commit: 837ec70e3ee4378f4d7a0a616ad0f291b311152a (patch)
tree: 51a3728d0a78fea402bfc96216721b2825874463 /include/sessions.php
parent: 52039010366520b842a250e8907c49b02fa9d03d (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/include/sessions.php b/include/sessions.php
index 81a5a7383..778d00e3a 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -57,6 +57,9 @@
 		if ($_SESSION["ref_schema_version"] != session_get_schema_version($link, true))
 			return false;
 
+		if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"])
+			return false;
+
 		if ($_SESSION["uid"]) {
 			$result = db_query($link,
 				"SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");
author	Andrew Dolgov <fox@madoka.volgo-balt.ru>	2013-04-01 18:22:07 +0400
committer	Andrew Dolgov <fox@madoka.volgo-balt.ru>	2013-04-01 18:22:07 +0400
commit	837ec70e3ee4378f4d7a0a616ad0f291b311152a (patch)
tree	51a3728d0a78fea402bfc96216721b2825874463 /include/sessions.php
parent	52039010366520b842a250e8907c49b02fa9d03d (diff)