implement some tweaks to session handling; properly remove session cookie if invalid/login failed

author: Andrew Dolgov <[email protected]> 2013-04-04 15:33:14 +0400
committer: Andrew Dolgov <[email protected]> 2013-04-04 15:33:14 +0400
commit: 9ce7a5546c6d9cca8aa8be524d43c735e2bd7182 (patch)
tree: fd2326ab8a39f19737b391da537f3065d0b8fa55 /classes
parent: 82d77deb2876df4aac8536108404b93e20fd407b (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php
index b8a32cd27..9304b0181 100644
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -515,7 +515,7 @@ class Handler_Public extends Handler {
 
 			$login = db_escape_string($this->link, $_POST["login"]);
 			$password = $_POST["password"];
-			$remember_me = $_POST["remember_me"];
+			/* $remember_me = $_POST["remember_me"];
 
 			if ($remember_me) {
 				session_set_cookie_params(SESSION_COOKIE_LIFETIME);
@@ -523,7 +523,7 @@ class Handler_Public extends Handler {
 				session_set_cookie_params(0);
 			}
 
-			@session_start();
+			@session_start(); */
 
 			if (authenticate_user($this->link, $login, $password)) {
 				$_POST["password"] = "";
author	Andrew Dolgov <[email protected]>	2013-04-04 15:33:14 +0400
committer	Andrew Dolgov <[email protected]>	2013-04-04 15:33:14 +0400
commit	9ce7a5546c6d9cca8aa8be524d43c735e2bd7182 (patch)
tree	fd2326ab8a39f19737b391da537f3065d0b8fa55 /classes
parent	82d77deb2876df4aac8536108404b93e20fd407b (diff)