Browse Source

only autostart session if login cookie exists

Andrew Dolgov 7 years ago
parent
commit
5160620c8a
4 changed files with 8 additions and 3 deletions
  1. 1 2
      api/index.php
  2. 2 0
      classes/api.php
  3. 2 0
      classes/handler/public.php
  4. 3 1
      include/sessions.php

+ 1 - 2
api/index.php

@@ -46,10 +46,9 @@
 
 	if ($_REQUEST["sid"]) {
 		session_id($_REQUEST["sid"]);
+		@session_start();
 	}
 
-	@session_start();
-
 	if (!init_connection($link)) return;
 
 	$method = strtolower($_REQUEST["op"]);

+ 2 - 0
classes/api.php

@@ -47,6 +47,8 @@ class API extends Handler {
 	}
 
 	function login() {
+		@session_start();
+
 		$login = db_escape_string($this->link, $_REQUEST["user"]);
 		$password = $_REQUEST["password"];
 		$password_base64 = base64_decode($_REQUEST["password"]);

+ 2 - 0
classes/handler/public.php

@@ -481,6 +481,8 @@ class Handler_Public extends Handler {
 
 	function login() {
 
+		@session_start();
+
 		$_SESSION["prefs_cache"] = array();
 
 		if (!SINGLE_USER_MODE) {

+ 3 - 1
include/sessions.php

@@ -105,6 +105,8 @@
 	session_set_cookie_params(SESSION_COOKIE_LIFETIME);
 
 	if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') {
-		@session_start();
+		if ($_COOKIE[$session_name]) {
+			@session_start();
+		}
 	}
 ?>