Revision c2f401aa
Von Sven Schöling vor mehr als 9 Jahren hinzugefügt
SL/Auth.pm | ||
---|---|---|
7 | 7 |
use Time::HiRes qw(gettimeofday); |
8 | 8 |
use List::MoreUtils qw(uniq); |
9 | 9 |
use YAML; |
10 |
use Regexp::IPv6 qw($IPv6_re); |
|
10 | 11 |
|
11 | 12 |
use SL::Auth::ColumnInformation; |
12 | 13 |
use SL::Auth::Constants qw(:all); |
... | ... | |
541 | 542 |
my $api_token_cookie = $self->get_api_token_cookie; |
542 | 543 |
my $cookie_is_bad = !$cookie || $cookie->{is_expired}; |
543 | 544 |
$cookie_is_bad ||= $api_token_cookie && ($api_token_cookie ne $cookie->{api_token}) if $api_token_cookie; |
544 |
$cookie_is_bad ||= $cookie->{ip_address} ne $ENV{REMOTE_ADDR} if !$api_token_cookie; |
|
545 |
$cookie_is_bad ||= $cookie->{ip_address} ne $ENV{REMOTE_ADDR} if !$api_token_cookie && $ENV{REMOTE_ADDR} !~ /^$IPv6_re$/;
|
|
545 | 546 |
if ($cookie_is_bad) { |
546 | 547 |
$self->destroy_session(); |
547 | 548 |
return $self->session_restore_result($cookie ? SESSION_EXPIRED() : SESSION_NONE()); |
Auch abrufbar als: Unified diff
Sessions: IP nicht bei IPv6 validieren.