From f730d7bb0ac691153eacd80844bb530dca04e3cc Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 16 Oct 2018 09:11:32 +0300 Subject: another attempt to enforce session ID regeneration on login --- include/functions.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'include/functions.php') diff --git a/include/functions.php b/include/functions.php index a04a393ec..5588590a8 100755 --- a/include/functions.php +++ b/include/functions.php @@ -714,9 +714,11 @@ if ($user_id && !$check_only) { + /* if a session is started here there's a stale login cookie we need to clean */ + if (session_status() != PHP_SESSION_NONE) { - session_destroy(); - session_commit(); + $_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again"); + return false; } session_regenerate_id(true); -- cgit v1.2.3
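Review bot: `session_regenerate_id(true)` at the end of the hunk is now reached only when `session_status()` is `PHP_SESSION_NONE` (or `PHP_SESSION_DISABLED`), and PHP does not regenerate an ID without an active session; the call returns false, so on the visible lines the regeneration named in the subject does not happen here. If a `session_start()` follows outside the hunk, the order should be `session_start();` then `if (!session_regenerate_id(true)) { return false; }`, so that a failed regeneration cannot end in a login on the old ID. The added comment says the stale login cookie needs cleaning, but the new branch only writes `login_error_msg` into the existing session and returns, leaving the session and its cookie in place, so a retry may hit the same branch depending on how the caller starts sessions. The guard `!= PHP_SESSION_NONE` also matches `PHP_SESSION_DISABLED`, where the `$_SESSION` write is not persisted; `=== PHP_SESSION_ACTIVE` states the intent. The enclosing function starts and ends outside the hunk, so the surrounding session handling should be confirmed against the full file.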