--- session.inc	2005-04-02 02:15:39.000000000 +0200
+++ session.inc	2005-04-02 02:24:20.000000000 +0200
@@ -24,12 +24,15 @@ function sess_read($key) {
 
   $result = db_query_range("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s' AND u.status < 3", $key, 0, 1);
 
-  if (!db_num_rows($result)) {
+  if (($user = db_fetch_object($result)) && $user->hostname != $_SERVER['REMOTE_ADDR']) {
+    sess_destroy($key);
+    unset($user);
+  }
+  if (!$user) {
     db_query("INSERT INTO {sessions} (sid, uid, hostname, timestamp) VALUES ('%s', 0, '%s', %d)", $key, $_SERVER["REMOTE_ADDR"], time());
-    $result = db_query("SELECT u.* FROM {users} u WHERE u.uid = 0");
+    $user = db_fetch_object(db_query("SELECT u.* FROM {users} u WHERE u.uid = 0"));
   }
 
-  $user = db_fetch_object($result);
   $user = drupal_unpack($user);
   $user->roles = array();