aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorNicolas LÅ“uillet <nicolas@loeuillet.org>2014-03-21 14:05:51 +0100
committerNicolas LÅ“uillet <nicolas@loeuillet.org>2014-03-21 14:05:51 +0100
commit028e34b6c40c3571d35c49d5a27b7eac19ceb4ef (patch)
treec7d415ade8f1ce1d80408fb465bdb68f93886b71
parent0c51bfea6fce1b1a6d8b54304b0dba673c1fbd20 (diff)
parentad53faf25cc2f83594f3f756923a042351f4f202 (diff)
downloadwallabag-028e34b6c40c3571d35c49d5a27b7eac19ceb4ef.tar.gz
wallabag-028e34b6c40c3571d35c49d5a27b7eac19ceb4ef.tar.zst
wallabag-028e34b6c40c3571d35c49d5a27b7eac19ceb4ef.zip
Merge pull request #581 from mariroz/fix-session-livetime
fix of issue under nginx and php-fpm
-rw-r--r--inc/3rdparty/Session.class.php6
-rw-r--r--index.php5
2 files changed, 5 insertions, 6 deletions
diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php
index da7a4353..8c747558 100644
--- a/inc/3rdparty/Session.class.php
+++ b/inc/3rdparty/Session.class.php
@@ -51,7 +51,7 @@ class Session
51 public static function init($longlastingsession = false) 51 public static function init($longlastingsession = false)
52 { 52 {
53 //check if session name is correct 53 //check if session name is correct
54 if ( session_id() && session_id()!=self::$sessionName ) { 54 if ( (session_id() && !empty(self::$sessionName) && session_name()!=self::$sessionName) || $longlastingsession ) {
55 session_destroy(); 55 session_destroy();
56 } 56 }
57 57
@@ -71,7 +71,7 @@ class Session
71 session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true); 71 session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
72 } 72 }
73 else { 73 else {
74 session_set_cookie_params('', $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true); 74 session_set_cookie_params(0, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
75 } 75 }
76 //set server side valid session timeout 76 //set server side valid session timeout
77 //WARNING! this may not work in shared session environment. See http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime about min value: it can be set in any application 77 //WARNING! this may not work in shared session environment. See http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime about min value: it can be set in any application
@@ -183,7 +183,7 @@ class Session
183 || (self::$disableSessionProtection === false 183 || (self::$disableSessionProtection === false
184 && $_SESSION['ip'] !== self::_allIPs()) 184 && $_SESSION['ip'] !== self::_allIPs())
185 || time() >= $_SESSION['expires_on']) { 185 || time() >= $_SESSION['expires_on']) {
186 self::logout(); 186 //self::logout();
187 187
188 return false; 188 return false;
189 } 189 }
diff --git a/index.php b/index.php
index bc28a19d..fb13f38d 100644
--- a/index.php
+++ b/index.php
@@ -14,9 +14,7 @@ require_once 'inc/poche/global.inc.php';
14 14
15# Start session 15# Start session
16Session::$sessionName = 'poche'; 16Session::$sessionName = 'poche';
17if ( !isset($_GET['login']) ) { 17Session::init();
18 Session::init();
19}
20 18
21# Start Poche 19# Start Poche
22$poche = new Poche(); 20$poche = new Poche();
@@ -122,6 +120,7 @@ if (Session::isLogged()) {
122} else { 120} else {
123 $tpl_file = Tools::getTplFile('login'); 121 $tpl_file = Tools::getTplFile('login');
124 $tpl_vars['http_auth'] = 0; 122 $tpl_vars['http_auth'] = 0;
123 Session::logout();
125} 124}
126 125
127# because messages can be added in $poche->action(), we have to add this entry now (we can add it before) 126# because messages can be added in $poche->action(), we have to add this entry now (we can add it before)