From 64fe2e6d0d728b38806dd802f2f5a109ab41db11 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Dec 2025 16:36:32 +0000
Subject: [PATCH] Fix DEV_MODE bypass to work when SESS_REMOTE_UA not set

Co-authored-by: DerLinkman <62480600+DerLinkman@users.noreply.github.com>
---
 data/web/inc/sessions.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php
index 8486c75b8..7c44f1541 100644
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -139,7 +139,7 @@ function session_check() {
   if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
     // In development mode, allow User-Agent changes (e.g., for responsive testing in dev tools)
     // Validate UA is not empty and has reasonable length (most UAs are under 200 chars, 500 is safe upper limit)
-    if (isset($GLOBALS['DEV_MODE']) && $GLOBALS['DEV_MODE'] && isset($_SESSION['SESS_REMOTE_UA']) && !empty($_SERVER['HTTP_USER_AGENT']) && strlen($_SERVER['HTTP_USER_AGENT']) < 500) {
+    if (isset($GLOBALS['DEV_MODE']) && $GLOBALS['DEV_MODE'] && !empty($_SERVER['HTTP_USER_AGENT']) && strlen($_SERVER['HTTP_USER_AGENT']) < 500) {
       $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
       return true;
     }