Browse Source

login: check for stale session in login handler, instead of authenticate_user()

Andrew Dolgov 2 months ago
parent
commit
f8fc1ac543
2 changed files with 8 additions and 7 deletions
  1. 8 0
      classes/handler/public.php
  2. 0 7
      include/functions.php

+ 8 - 0
classes/handler/public.php

@@ -465,6 +465,14 @@ class Handler_Public extends Handler {
 
 	function login() {
 		if (!SINGLE_USER_MODE) {
+			/* if a session is started here there's a stale login cookie we need to clean */
+
+			if (session_status() != PHP_SESSION_NONE) {
+				$_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
+
+				header("Location: " . get_self_url_prefix());
+				exit;
+			}
 
 			$login = clean($_POST["login"]);
 			$password = clean($_POST["password"]);

+ 0 - 7
include/functions.php

@@ -714,13 +714,6 @@
 
 			if ($user_id && !$check_only) {
 
-				/* if a session is started here there's a stale login cookie we need to clean */
-
-				if (session_status() != PHP_SESSION_NONE) {
-					$_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
-					return false;
-				}
-
 				session_regenerate_id(true);
 				session_start();