diff options
| author | Andrew Dolgov <[email protected]> | 2018-10-16 09:11:32 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2018-10-16 09:11:32 +0300 |
| commit | f730d7bb0ac691153eacd80844bb530dca04e3cc (patch) | |
| tree | 541e93a874b0e62adffa68ad808714783c057293 /include | |
| parent | 9dadbdbb218885f213f05915943ce3142b2cfcd8 (diff) | |
another attempt to enforce session ID regeneration on login
Diffstat (limited to 'include')
| -rwxr-xr-x | include/functions.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/include/functions.php b/include/functions.php index a04a393ec..5588590a8 100755 --- a/include/functions.php +++ b/include/functions.php @@ -714,9 +714,11 @@ if ($user_id && !$check_only) { + /* if a session is started here there's a stale login cookie we need to clean */ + if (session_status() != PHP_SESSION_NONE) { - session_destroy(); - session_commit(); + $_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again"); + return false; } session_regenerate_id(true); |