Merge remote branch 'upstream/master'

[friendica.git] / include / auth.php

diff --git a/include/auth.php b/include/auth.php
old mode 100755 (executable)
new mode 100644 (file)
index 1341f3b..cba6a67
--- a/include/auth.php
+++ b/include/auth.php
@@ -11,6 +11,13 @@ function nuke_session() {
        unset($_SESSION['cid']);
        unset($_SESSION['theme']);
        unset($_SESSION['page_flags']);
+       unset($_SESSION['submanage']);
+       unset($_SESSION['my_url']);
+       unset($_SESSION['my_address']);
+       unset($_SESSION['addr']);
+       unset($_SESSION['return_url']);
+       unset($_SESSION['theme']);
+       unset($_SESSION['page_flags']);
 }
 
 
@@ -46,6 +53,8 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
                $check = get_config('system','paranoia');
                // extra paranoia - if the IP changed, log them out
                if($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) {
+                       logger('Session address changed. Paranoid setting in effect, blocking session. ' 
+                               . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
                        nuke_session();
                        goaway(z_root());
                }