public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2026-02-10 16:01:33 +00:00
Code Issues Releases Wiki Activity

implement some tweaks to session handling; properly remove session cookie if invalid/login failed

Browse Source
This commit is contained in:
Andrew Dolgov
2013-04-04 15:33:14 +04:00
parent 82d77deb28
commit 9ce7a5546c
5 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/functions.php
View File

@@ -756,9 +756,10 @@
}
if (!$_SESSION["uid"]) {
render_login_form($link);
@session_destroy();
setcookie(session_name(), '', time()-42000, '/');
render_login_form($link);
exit;
}

2
include/login_form.php
View File

@@ -221,7 +221,7 @@ function bwLimitChange(elem) {
<label style='display : inline' for="bw_limit"><?php echo __("Use less traffic") ?></label>
</div>
<?php if (SESSION_COOKIE_LIFETIME > 0) { ?>
<?php if (false && SESSION_COOKIE_LIFETIME > 0) { /* disabled for now */ ?>
<div class="row">
<label>&nbsp;</label>

7
include/sessions.php
View File

@@ -15,10 +15,11 @@
ini_set("session.cookie_secure", true);
}
ini_set("session.gc_probability", 50);
ini_set("session.gc_probability", 75);
ini_set("session.name", $session_name);
ini_set("session.use_only_cookies", true);
ini_set("session.gc_maxlifetime", $session_expire);
ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));
global $session_connection;
@@ -181,8 +182,8 @@
"ttrss_destroy", "ttrss_gc");
}
if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') {
if (isset($_COOKIE[$session_name])) {
if (!defined('NO_SESSION_AUTOSTART')) {
if (isset($_COOKIE[session_name()])) {
@session_start();
}
}