diff --git a/WebModules.cpp b/WebModules.cpp
index 59477e5e..a66530dc 100644
--- a/WebModules.cpp
+++ b/WebModules.cpp
@@ -500,6 +500,11 @@ void CWebSock::OnPageRequest(const CString& sURI) {
 }
 
 CWebSock::EPageReqResult CWebSock::OnPageRequestInternal(const CString& sURI, CString& sPageRet) {
+	if (GetSession()->GetIP() != GetRemoteIP()) {
+		PrintErrorPage(403, "Access denied", "This session does not belong to your IP.");
+		return PAGE_DONE;
+	}
+
 	// Check that they really POSTed from one our forms by checking if they
 	// know the "secret" CSRF check value. Don't do this for login since
 	// CSRF against the login form makes no sense and the login form does a
diff --git a/WebModules.h b/WebModules.h
index d0a5d506..0ecc3394 100644
--- a/WebModules.h
+++ b/WebModules.h
@@ -39,6 +39,7 @@ public:
 	~CWebSession();
 
 	const CString& GetId() const { return m_sId; }
+	const CString& GetIP() const { return m_sIP; }
 	CUser* GetUser() const { return m_pUser; }
 	bool IsLoggedIn() const { return m_pUser != NULL; }
 	bool IsAdmin() const;
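Review bot: The new IP check at the top of OnPageRequestInternal compares the session's stored address against GetRemoteIP(), i.e. the TCP peer, so when the web interface is reached through a reverse proxy every client presents the proxy's address and the session-to-IP binding no longer distinguishes one client from another; conversely a client whose address legitimately changes gets a 403 while its session stays alive and can keep being presented. Consider invalidating the session (or at least sending the client back to the login page) rather than only returning PAGE_DONE, so a session that failed the binding cannot be retried, and document the limitation above the check, e.g. `// Bind the session to the address it was created from; behind a reverse proxy this sees the proxy's address, so the check only helps when clients connect directly.` Whether GetSession() can return a null pointer at this point is not visible in the hunk; if it can, the dereference needs a guard before the comparison. OnPageRequestInternal's body continues outside the hunk.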