Frug · Jugolo · May 4, 2016 · May 4, 2016 · May 4, 2016
diff --git a/chat/js/chat.js b/chat/js/chat.js
@@ -120,11 +120,10 @@ var ajaxChat = {
 	},
 
 	initConfig: function(config) {
-		this.token					= config["token"];
 		this.loginChannelID			= config['loginChannelID'];
 		this.loginChannelName		= config['loginChannelName'];
 		this.timerRate				= config['timerRate'];
-		this.ajaxURL				= config['ajaxURL'];
+		this.ajaxURL				= config['ajaxURL']+"&token="+config['token'];
 		this.baseURL				= config['baseURL'];
 		this.regExpMediaUrl			= config['regExpMediaUrl'];
 		this.startChatOnLoad		= config['startChatOnLoad'];
@@ -2045,7 +2044,7 @@ var ajaxChat = {
 	logout: function() {
 		clearTimeout(this.timer);
 		var message = 'logout=true';
-		this.makeRequest(this.ajaxURL+"&token="+this.token,'POST',message);
+		this.makeRequest(this.ajaxURL,'POST',message);
 	},
 
 	handleLogout: function(url) {

diff --git a/chat/lib/class/AJAXChat.php b/chat/lib/class/AJAXChat.php
@@ -139,8 +139,13 @@ function initSession() {
 				return;
 			}
 
+                        //wee know the ip is match. now wee need to know if the token is correct.
+                        if(!$this->getRequestVar('token') || $this->getRequestVar('token') != session_id()){
+                               return;
+                        }
+
 			// Logout if we receive a logout request, the chat has been closed or the userID could not be revalidated:
-			if($this->getRequestVar('logout') && $this->getRequestVar('token') == session_id() || !$this->isChatOpen() || !$this->revalidateUserID()) {
+			if($this->getRequestVar('logout') || !$this->isChatOpen() || !$this->revalidateUserID()) {
 				$this->logout();
 				return;
 			}