Fix cookie session timestamp validation

loocars · loocars · commit d622457b1dac · 2025-02-25T11:41:29.000+01:00
In certain scenarios localhost could be blocked or take a long time to
resolve, hence the cookie session validation now uses the loopback
address directly instead of localhost
diff --git a/ChangeLog b/ChangeLog
@@ -1,4 +1,6 @@
 1.9.45
+  * FIX: Fix not working cookie session timestamps validation introduced with 1.9.43 in
+         when localhost is blocked or takes a long time to resolve
 
 1.9.44
   * FIX: Fix not working cookie session timestamps validation introduced with 1.9.43 in
diff --git a/share/server/core/classes/CoreLogonMultisite.php b/share/server/core/classes/CoreLogonMultisite.php
@@ -138,7 +138,8 @@ private function checkAuthCookie($cookieName) {
         // Check session periods validity
         $site = getenv('OMD_SITE');
         $port = $_SERVER['SERVER_PORT'];
-        $url = "http://localhost:$port/$site/check_mk/api/1.0/version";
+        $host = $_SERVER['SERVER_HOST'];
+        $url = "http://$host:$port/$site/check_mk/api/1.0/version";
         
         $headers = [
             'Content-type: application/json',
