aboutsummaryrefslogtreecommitdiffhomepage
path: root/application/security
diff options
context:
space:
mode:
Diffstat (limited to 'application/security')
-rw-r--r--application/security/LoginManager.php2
-rw-r--r--application/security/SessionManager.php5
2 files changed, 5 insertions, 2 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
index 4946850b..d6784d6d 100644
--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -95,7 +95,6 @@ class LoginManager
95 // The user client has a valid stay-signed-in cookie 95 // The user client has a valid stay-signed-in cookie
96 // Session information is updated with the current client information 96 // Session information is updated with the current client information
97 $this->sessionManager->storeLoginInfo($clientIpId); 97 $this->sessionManager->storeLoginInfo($clientIpId);
98 $this->isLoggedIn = true;
99 98
100 } elseif ($this->sessionManager->hasSessionExpired() 99 } elseif ($this->sessionManager->hasSessionExpired()
101 || $this->sessionManager->hasClientIpChanged($clientIpId) 100 || $this->sessionManager->hasClientIpChanged($clientIpId)
@@ -105,6 +104,7 @@ class LoginManager
105 return; 104 return;
106 } 105 }
107 106
107 $this->isLoggedIn = true;
108 $this->sessionManager->extendSession(); 108 $this->sessionManager->extendSession();
109 } 109 }
110 110
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php
index 24e25528..b8b8ab8d 100644
--- a/application/security/SessionManager.php
+++ b/application/security/SessionManager.php
@@ -169,6 +169,9 @@ class SessionManager
169 */ 169 */
170 public function hasSessionExpired() 170 public function hasSessionExpired()
171 { 171 {
172 if (empty($this->session['expires_on'])) {
173 return true;
174 }
172 if (time() >= $this->session['expires_on']) { 175 if (time() >= $this->session['expires_on']) {
173 return true; 176 return true;
174 } 177 }
@@ -188,7 +191,7 @@ class SessionManager
188 if ($this->conf->get('security.session_protection_disabled') === true) { 191 if ($this->conf->get('security.session_protection_disabled') === true) {
189 return false; 192 return false;
190 } 193 }
191 if ($this->session['ip'] == $clientIpId) { 194 if (isset($this->session['ip']) && $this->session['ip'] === $clientIpId) {
192 return false; 195 return false;
193 } 196 }
194 return true; 197 return true;