implement some tweaks to session handling; properly remove session cookie if invalid/login failed

author: Andrew Dolgov <[email protected]> 2013-04-04 15:33:14 +0400
committer: Andrew Dolgov <[email protected]> 2013-04-04 15:33:14 +0400
commit: 9ce7a5546c6d9cca8aa8be524d43c735e2bd7182 (patch)
tree: fd2326ab8a39f19737b391da537f3065d0b8fa55 /include/sessions.php
parent: 82d77deb2876df4aac8536108404b93e20fd407b (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/include/sessions.php b/include/sessions.php
index 0edda4ec7..402e8b8de 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -15,10 +15,11 @@
 		ini_set("session.cookie_secure", true);
 	}
 
-	ini_set("session.gc_probability", 50);
+	ini_set("session.gc_probability", 75);
 	ini_set("session.name", $session_name);
 	ini_set("session.use_only_cookies", true);
 	ini_set("session.gc_maxlifetime", $session_expire);
+	ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));
 
 	global $session_connection;
 
@@ -181,8 +182,8 @@
 			"ttrss_destroy", "ttrss_gc");
 	}
 
-	if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') {
-		if (isset($_COOKIE[$session_name])) {
+	if (!defined('NO_SESSION_AUTOSTART')) {
+		if (isset($_COOKIE[session_name()])) {
 			@session_start();
 		}
 	}
author	Andrew Dolgov <[email protected]>	2013-04-04 15:33:14 +0400
committer	Andrew Dolgov <[email protected]>	2013-04-04 15:33:14 +0400
commit	9ce7a5546c6d9cca8aa8be524d43c735e2bd7182 (patch)
tree	fd2326ab8a39f19737b391da537f3065d0b8fa55 /include/sessions.php
parent	82d77deb2876df4aac8536108404b93e20fd407b (diff)