Thread: Invalid Session - IMPORTANT INFORMATION
View Single Post
  #4 (permalink)  
Old 06-15-2003, 01:33 PM
chatserv chatserv is offline
Moderator
  
Join Date: Jan 2003
Posts: 338
The AOL workaround was not included with any of the fix patches because it is a ISP specific problem and does not affect everyone, in all fairness anyone having this problem can solve it by changing lines 323 and 324 of includes/sessions.php from:
Code:
 
                        $ip_check_s = substr($userdata['session_ip'], 0, 6);
                        $ip_check_u = substr($user_ip, 0, 6);
to:
Code:
 
                        $ip_check_s = substr($userdata['session_ip'], 0, 4);
                        $ip_check_u = substr($user_ip, 0, 4);
Removing the session check is not something i'd suggest to anyone as their forums and/or site might be left open to attacks. Another reason why i didn't include this modification in the last patch is because it decreases the security by only checking a fraction of the ip address.
Reply With Quote