diff --git a/models/Session.php b/models/Session.php
index 22e0844..ebf5bf3 100644
--- a/models/Session.php
+++ b/models/Session.php
@@ -12,28 +12,6 @@ class Session
 {
 session_start();
- // Resuming an existing session? Check what we know!
- if (isset($_SESSION['user_id'], $_SESSION['ip_address'], $_SESSION['user_agent']))
- {
- // If we're not browsing over HTTPS, protect against session hijacking.
- if (!isset($_SERVER['HTTPS']) && isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] !== $_SERVER['REMOTE_ADDR'])
- {
- $_SESSION = [];
- Dispatcher::kickGuest('Your session failed to validate', 'Your IP address has changed. Please re-login and try again.');
- }
- // Either way, require re-login if the browser identifier has changed.
- elseif (isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] !== $_SERVER['HTTP_USER_AGENT'])
- {
- $_SESSION = [];
- Dispatcher::kickGuest('Your session failed to validate', 'Your browser identifier has changed. Please re-login and try again.');
- }
- }
- elseif (!isset($_SESSION['ip_address'], $_SESSION['user_agent']))
- $_SESSION = [
- 'ip_address' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
- 'user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
- ];
-
 return true;
 }