[eluser]feri_soft[/eluser]
Whats the reason for putting sessions in the database when the ip is not checked and it couldnt be as there are dynamic ips. If someone changes his session value in the cookie and has the same user_agent data as the real owner of that session id? How the validation is actually done. It seems a bit unusable. Can you explain please? Thanks!