diff options
| author | Andrew Dolgov <[email protected]> | 2018-10-15 15:47:50 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2018-10-15 15:47:50 +0300 |
| commit | 65e98f40867862eb345676e23b633b9f52109d30 (patch) | |
| tree | e52d5e33eb31fff3ca3b4106540475eb13fd4ce2 /include | |
| parent | 74736fce0f89efbaa971e6817303e8840c4aed8f (diff) | |
force regenerate session id on successful login, remove previous blank SID check
Diffstat (limited to 'include')
| -rwxr-xr-x | include/functions.php | 9 | ||||
| -rw-r--r-- | include/sessions.php | 4 |
2 files changed, 8 insertions, 5 deletions
diff --git a/include/functions.php b/include/functions.php index d88e96dd6..3cd21969d 100755 --- a/include/functions.php +++ b/include/functions.php @@ -712,7 +712,14 @@ } if ($user_id && !$check_only) { - @session_start(); + + if (session_status() != PHP_SESSION_NONE) { + session_destroy(); + session_commit(); + } + + session_start(); + session_regenerate_id(true); $_SESSION["uid"] = $user_id; $_SESSION["version"] = VERSION_STATIC; diff --git a/include/sessions.php b/include/sessions.php index 2d17bfd8e..f625cd16f 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -160,9 +160,5 @@ if (!defined('NO_SESSION_AUTOSTART')) { if (isset($_COOKIE[session_name()])) { @session_start(); - - if (!$_SESSION['uid']) { - logout_user(); - } } } |