From 3e44e9d3f66eea26500cf0ed58c64f6861167404 Mon Sep 17 00:00:00 2001
From: Jens L
Date: Fri, 5 Jan 2024 19:10:27 +0100
Subject: [PATCH] stages/user_login: only set last_ip in session if a binding is given (#8074)
---
 authentik/stages/user_login/middleware.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/authentik/stages/user_login/middleware.py b/authentik/stages/user_login/middleware.py
index 8fea4c408..73e42e1ac 100644
--- a/authentik/stages/user_login/middleware.py
+++ b/authentik/stages/user_login/middleware.py
@@ -109,7 +109,10 @@ class BoundSessionMiddleware(SessionMiddleware):
 self.recheck_session_geo(configured_binding_geo, last_ip, new_ip)
 # If we got to this point without any error being raised, we need to
 # update the last saved IP to the current one
- request.session[SESSION_KEY_LAST_IP] = new_ip
+ if SESSION_KEY_BINDING_NET in request.session or SESSION_KEY_BINDING_GEO in request.session:
+ # Only set the last IP in the session if there's a binding specified
+ # (== basically requires the user to be logged in)
+ request.session[SESSION_KEY_LAST_IP] = new_ip
 AuthenticatedSession.objects.filter(session_key=request.session.session_key).update(
 last_ip=new_ip, last_user_agent=request.META.get("HTTP_USER_AGENT", "")
 )
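Review bot: The new guard around `request.session[SESSION_KEY_LAST_IP] = new_ip` tests only for key presence, so whether it really means "the user is logged in", as the comment says, depends on where `SESSION_KEY_BINDING_NET` and `SESSION_KEY_BINDING_GEO` are written, which this hunk does not show. Because the stored `last_ip` is the baseline that `recheck_session_geo` compares against, a session that receives its binding keys only after its first requests will now reach that check with no stored value. The code that reads `last_ip` lies above the hunk, so please confirm it treats a missing key as "no previous IP" rather than raising or comparing against `None`. The `AuthenticatedSession.objects.filter(...).update(...)` call below the guard still runs on every request, which may be intended but deserves a word in the comment. I would reword the comment to state the invariant, e.g. `# last_ip is only the comparison baseline for bound sessions; skip the session write otherwise`.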