From f8fc1ac54314dbd22c8673beb15d16780a0fc4c7 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Tue, 16 Oct 2018 11:39:12 +0300
Subject: login: check for stale session in login handler, instead of authenticate_user()
---
 classes/handler/public.php | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'classes/handler/public.php')
diff --git a/classes/handler/public.php b/classes/handler/public.php
index de9c9684a..38a8d749b 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -465,6 +465,14 @@ class Handler_Public extends Handler {
 function login() {
 if (!SINGLE_USER_MODE) {
+ /* if a session is started here there's a stale login cookie we need to clean */
+
+ if (session_status() != PHP_SESSION_NONE) {
+ $_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
+
+ header("Location: " . get_self_url_prefix());
+ exit;
+ }
 $login = clean($_POST["login"]);
 $password = clean($_POST["password"]);
-- cgit v1.2.3
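Review bot: The guard `session_status() != PHP_SESSION_NONE` in login() is also true for `PHP_SESSION_DISABLED`, so with sessions disabled the branch writes to `$_SESSION` with no session behind it and redirects every login POST; testing the state that is actually meant, `if (session_status() === PHP_SESSION_ACTIVE) {`, avoids that. The comment says the stale cookie needs cleaning, but nothing visible in the hunk expires the cookie or invalidates the session, so the branch appears to rely on the page at get_self_url_prefix() doing it. If that page does not, the same cookie comes back on the next attempt and the pre-existing session id stays in use. I would have the comment name where the cleanup happens, e.g. `/* a session already active here means a stale login cookie; the redirect target is expected to destroy it */`. login() continues outside the hunk.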