SessionManager+LoginManager: fix checkLoginState logic

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
author: VirtualTam <virtualtam@flibidi.net> 2018-05-30 02:09:09 +0200
committer: VirtualTam <virtualtam@flibidi.net> 2018-06-02 16:46:06 +0200
commit: 8edd7f15886620b07064aa889aea05c5acbc0e58 (patch)
tree: c4299a352b3f4c518f79eb7208f667f68f8e9388 /application/security/SessionManager.php
parent: 704637bfebc73ada4b800b35c457e9fe56ad3567 (diff)
download: Shaarli-8edd7f15886620b07064aa889aea05c5acbc0e58.tar.gz
Shaarli-8edd7f15886620b07064aa889aea05c5acbc0e58.tar.zst
Shaarli-8edd7f15886620b07064aa889aea05c5acbc0e58.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php
index 24e25528..b8b8ab8d 100644
--- a/application/security/SessionManager.php
+++ b/application/security/SessionManager.php
@@ -169,6 +169,9 @@ class SessionManager
     */
    public function hasSessionExpired()
    {
+        if (empty($this->session['expires_on'])) {
+            return true;
+        }
        if (time() >= $this->session['expires_on']) {
            return true;
        }
@@ -188,7 +191,7 @@ class SessionManager
        if ($this->conf->get('security.session_protection_disabled') === true) {
            return false;
        }
-        if ($this->session['ip'] == $clientIpId) {
+        if (isset($this->session['ip']) && $this->session['ip'] === $clientIpId) {
            return false;
        }
        return true;
author	VirtualTam <virtualtam@flibidi.net>	2018-05-30 02:09:09 +0200
committer	VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:06 +0200
commit	8edd7f15886620b07064aa889aea05c5acbc0e58 (patch)
tree	c4299a352b3f4c518f79eb7208f667f68f8e9388 /application/security/SessionManager.php
parent	704637bfebc73ada4b800b35c457e9fe56ad3567 (diff)
download	Shaarli-8edd7f15886620b07064aa889aea05c5acbc0e58.tar.gz Shaarli-8edd7f15886620b07064aa889aea05c5acbc0e58.tar.zst Shaarli-8edd7f15886620b07064aa889aea05c5acbc0e58.zip