Merge pull request #581 from mariroz/fix-session-livetime

fix of issue under nginx and php-fpm
author: Nicolas Lœuillet <nicolas@loeuillet.org> 2014-03-21 14:05:51 +0100
committer: Nicolas Lœuillet <nicolas@loeuillet.org> 2014-03-21 14:05:51 +0100
commit: 028e34b6c40c3571d35c49d5a27b7eac19ceb4ef (patch)
tree: c7d415ade8f1ce1d80408fb465bdb68f93886b71 /inc
parent: 0c51bfea6fce1b1a6d8b54304b0dba673c1fbd20 (diff)
parent: ad53faf25cc2f83594f3f756923a042351f4f202 (diff)
download: wallabag-028e34b6c40c3571d35c49d5a27b7eac19ceb4ef.tar.gz
wallabag-028e34b6c40c3571d35c49d5a27b7eac19ceb4ef.tar.zst
wallabag-028e34b6c40c3571d35c49d5a27b7eac19ceb4ef.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php
index da7a4353..8c747558 100644
--- a/inc/3rdparty/Session.class.php
+++ b/inc/3rdparty/Session.class.php
@@ -51,7 +51,7 @@ class Session
    public static function init($longlastingsession = false)
    {
        //check if session name is correct
-        if ( session_id() && session_id()!=self::$sessionName ) {
+        if ( (session_id() && !empty(self::$sessionName) && session_name()!=self::$sessionName) || $longlastingsession ) {
            session_destroy();
        }
@@ -71,7 +71,7 @@ class Session
            session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
        }
        else {
-            session_set_cookie_params('', $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
+            session_set_cookie_params(0, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
        }
        //set server side valid session timeout
        //WARNING! this may not work in shared session environment. See http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime about min value: it can be set in any application
@@ -183,7 +183,7 @@ class Session
            || (self::$disableSessionProtection === false
                && $_SESSION['ip'] !== self::_allIPs())
            || time() >= $_SESSION['expires_on']) {
-            self::logout();
+            //self::logout();
            return false;
        }
author	Nicolas Lœuillet <nicolas@loeuillet.org>	2014-03-21 14:05:51 +0100
committer	Nicolas Lœuillet <nicolas@loeuillet.org>	2014-03-21 14:05:51 +0100
commit	028e34b6c40c3571d35c49d5a27b7eac19ceb4ef (patch)
tree	c7d415ade8f1ce1d80408fb465bdb68f93886b71 /inc
parent	0c51bfea6fce1b1a6d8b54304b0dba673c1fbd20 (diff)
parent	ad53faf25cc2f83594f3f756923a042351f4f202 (diff)
download	wallabag-028e34b6c40c3571d35c49d5a27b7eac19ceb4ef.tar.gz wallabag-028e34b6c40c3571d35c49d5a27b7eac19ceb4ef.tar.zst wallabag-028e34b6c40c3571d35c49d5a27b7eac19ceb4ef.zip

diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php index da7a4353..8c747558 100644 --- a/inc/3rdparty/Session.class.php +++ b/inc/3rdparty/Session.class.php
@@ -51,7 +51,7 @@ class Session
51	public static function init($longlastingsession = false)	51	public static function init($longlastingsession = false)
52	{	52	{
53	//check if session name is correct	53	//check if session name is correct
54	if ( session_id() && session_id()!=self::$sessionName ) {	54	if ( (session_id() && !empty(self::$sessionName) && session_name()!=self::$sessionName) \|\| $longlastingsession ) {
55	session_destroy();	55	session_destroy();
56	}	56	}
57		57
@@ -71,7 +71,7 @@ class Session
71	session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);	71	session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
72	}	72	}
73	else {	73	else {
74	session_set_cookie_params('', $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);	74	session_set_cookie_params(0, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
75	}	75	}
76	//set server side valid session timeout	76	//set server side valid session timeout
77	//WARNING! this may not work in shared session environment. See http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime about min value: it can be set in any application	77	//WARNING! this may not work in shared session environment. See http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime about min value: it can be set in any application
@@ -183,7 +183,7 @@ class Session
183	\|\| (self::$disableSessionProtection === false	183	\|\| (self::$disableSessionProtection === false
184	&& $_SESSION['ip'] !== self::_allIPs())	184	&& $_SESSION['ip'] !== self::_allIPs())
185	\|\| time() >= $_SESSION['expires_on']) {	185	\|\| time() >= $_SESSION['expires_on']) {
186	self::logout();	186	//self::logout();
187		187
188	return false;	188	return false;
189	}	189	}