diff options
author | Andrew Dolgov <[email protected]> | 2013-04-04 15:33:14 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2013-04-04 15:33:14 +0400 |
commit | 9ce7a5546c6d9cca8aa8be524d43c735e2bd7182 (patch) | |
tree | fd2326ab8a39f19737b391da537f3065d0b8fa55 /include | |
parent | 82d77deb2876df4aac8536108404b93e20fd407b (diff) |
implement some tweaks to session handling; properly remove session cookie if invalid/login failed
Diffstat (limited to 'include')
-rw-r--r-- | include/functions.php | 3 | ||||
-rw-r--r-- | include/login_form.php | 2 | ||||
-rw-r--r-- | include/sessions.php | 7 |
3 files changed, 7 insertions, 5 deletions
diff --git a/include/functions.php b/include/functions.php index 71fd16542..9c64fad9f 100644 --- a/include/functions.php +++ b/include/functions.php @@ -756,9 +756,10 @@ } if (!$_SESSION["uid"]) { - render_login_form($link); @session_destroy(); setcookie(session_name(), '', time()-42000, '/'); + + render_login_form($link); exit; } diff --git a/include/login_form.php b/include/login_form.php index 7ac7111c8..ca07ccfee 100644 --- a/include/login_form.php +++ b/include/login_form.php @@ -221,7 +221,7 @@ function bwLimitChange(elem) { <label style='display : inline' for="bw_limit"><?php echo __("Use less traffic") ?></label> </div> - <?php if (SESSION_COOKIE_LIFETIME > 0) { ?> + <?php if (false && SESSION_COOKIE_LIFETIME > 0) { /* disabled for now */ ?> <div class="row"> <label> </label> diff --git a/include/sessions.php b/include/sessions.php index 0edda4ec7..402e8b8de 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -15,10 +15,11 @@ ini_set("session.cookie_secure", true); } - ini_set("session.gc_probability", 50); + ini_set("session.gc_probability", 75); ini_set("session.name", $session_name); ini_set("session.use_only_cookies", true); ini_set("session.gc_maxlifetime", $session_expire); + ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME)); global $session_connection; @@ -181,8 +182,8 @@ "ttrss_destroy", "ttrss_gc"); } - if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') { - if (isset($_COOKIE[$session_name])) { + if (!defined('NO_SESSION_AUTOSTART')) { + if (isset($_COOKIE[session_name()])) { @session_start(); } } |