use Time::HiRes qw(gettimeofday);
use List::MoreUtils qw(uniq);
use YAML;
+use Regexp::IPv6 qw($IPv6_re);
use SL::Auth::ColumnInformation;
use SL::Auth::Constants qw(:all);
my $api_token_cookie = $self->get_api_token_cookie;
my $cookie_is_bad = !$cookie || $cookie->{is_expired};
$cookie_is_bad ||= $api_token_cookie && ($api_token_cookie ne $cookie->{api_token}) if $api_token_cookie;
- $cookie_is_bad ||= $cookie->{ip_address} ne $ENV{REMOTE_ADDR} if !$api_token_cookie;
+ $cookie_is_bad ||= $cookie->{ip_address} ne $ENV{REMOTE_ADDR} if !$api_token_cookie && $ENV{REMOTE_ADDR} !~ /^$IPv6_re$/;
if ($cookie_is_bad) {
$self->destroy_session();
return $self->session_restore_result($cookie ? SESSION_EXPIRED() : SESSION_NONE());