From 7cdcc3cb1992825aac0cca2ab81618a866d55b57 Mon Sep 17 00:00:00 2001
From: Lukas Lengler <lukas.lengler@checkmk.com>
Date: Thu, 19 Dec 2024 11:48:18 +0100
Subject: [PATCH] Fix cookie session timestamp validation

In certain scenarios localhost could be blocked or take a long time to
resolve, hence the cookie session validation now uses the loopback
address directly instead of localhost
---
 ChangeLog                                        | 2 ++
 share/server/core/classes/CoreLogonMultisite.php | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 5caf63d8..45bd12d8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
 1.9.45
+  * FIX: Fix not working cookie session timestamps validation introduced with 1.9.43 in
+         when localhost is blocked or takes a long time to resolve
 
 1.9.44
   * FIX: Fix not working cookie session timestamps validation introduced with 1.9.43 in
diff --git a/share/server/core/classes/CoreLogonMultisite.php b/share/server/core/classes/CoreLogonMultisite.php
index 5c514e08..bf111a2a 100644
--- a/share/server/core/classes/CoreLogonMultisite.php
+++ b/share/server/core/classes/CoreLogonMultisite.php
@@ -138,7 +138,7 @@ private function checkAuthCookie($cookieName) {
         // Check session periods validity
         $site = getenv('OMD_SITE');
         $port = $_SERVER['SERVER_PORT'];
-        $url = "http://localhost:$port/$site/check_mk/api/1.0/version";
+        $url = "http://127.0.0.1:$port/$site/check_mk/api/1.0/version";
         
         $headers = [
             'Content-type: application/json',