Added browser check

[gosa.git] / gosa-core / include / class_session.inc

diff --git a/gosa-core/include/class_session.inc b/gosa-core/include/class_session.inc
index 4773fe17d015983240f9e792225de4bac9cc2561..145e716b22dc62c30be3bbd9bd80902fdfed80c2 100644 (file)
--- a/gosa-core/include/class_session.inc
+++ b/gosa-core/include/class_session.inc
@@ -74,6 +74,17 @@ class session {
                ini_set("session.gc_maxlifetime",24*60*60);
                session_start();
 
+    /* Check for changed browsers and bail out */
+    if (isset($_SESSION['HTTP_USER_AGENT']))
+    {
+      if ($_SESSION['HTTP_USER_AGENT'] !=  md5($_SERVER['HTTP_USER_AGENT'])) {
+        session_destroy();
+        session_start();
+      }
+    } else {
+      $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
+    }
+
     /* Regenerate ID to increase security */
     if (!isset($_SESSION['started'])){
       session_regenerate_id();