hab jetzt folgenden check:
Code:
if($_SESSION['Expire'] < time() or $_SESSION['User_IP'] != $IP or $_SESSION['Agent'] != $_SERVER['HTTP_USER_AGENT'] or checkreferer() != True){
session_write_close();
session_start();
logout();
$_SESSION['Expire'] = time() + $config['Session_Length'];
$_SESSION['User_IP'] = $IP;
$_SESSION['Agent'] = $_SERVER['HTTP_USER_AGENT'];
}
logout() löscht die ganzen session vars.
checkreferer():
Code:
function checkreferer(){
if(isset($_SERVER['HTTP_REFERER'])){
$referer = parse_url($_SERVER['HTTP_REFERER']);
if($referer['host'] != $_SERVER['HTTP_HOST']){
return FALSE;
}
else{
return TRUE;
}
}
else{
return TRUE;
}
}
reicht das?