diff options
| -rw-r--r-- | inc/3rdparty/Session.class.php | 6 | ||||
| -rw-r--r-- | index.php | 5 |
2 files changed, 5 insertions, 6 deletions
diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php index da7a4353..8c747558 100644 --- a/inc/3rdparty/Session.class.php +++ b/inc/3rdparty/Session.class.php | |||
| @@ -51,7 +51,7 @@ class Session | |||
| 51 | public static function init($longlastingsession = false) | 51 | public static function init($longlastingsession = false) |
| 52 | { | 52 | { |
| 53 | //check if session name is correct | 53 | //check if session name is correct |
| 54 | if ( session_id() && session_id()!=self::$sessionName ) { | 54 | if ( (session_id() && !empty(self::$sessionName) && session_name()!=self::$sessionName) || $longlastingsession ) { |
| 55 | session_destroy(); | 55 | session_destroy(); |
| 56 | } | 56 | } |
| 57 | 57 | ||
| @@ -71,7 +71,7 @@ class Session | |||
| 71 | session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true); | 71 | session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true); |
| 72 | } | 72 | } |
| 73 | else { | 73 | else { |
| 74 | session_set_cookie_params('', $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true); | 74 | session_set_cookie_params(0, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true); |
| 75 | } | 75 | } |
| 76 | //set server side valid session timeout | 76 | //set server side valid session timeout |
| 77 | //WARNING! this may not work in shared session environment. See http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime about min value: it can be set in any application | 77 | //WARNING! this may not work in shared session environment. See http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime about min value: it can be set in any application |
| @@ -183,7 +183,7 @@ class Session | |||
| 183 | || (self::$disableSessionProtection === false | 183 | || (self::$disableSessionProtection === false |
| 184 | && $_SESSION['ip'] !== self::_allIPs()) | 184 | && $_SESSION['ip'] !== self::_allIPs()) |
| 185 | || time() >= $_SESSION['expires_on']) { | 185 | || time() >= $_SESSION['expires_on']) { |
| 186 | self::logout(); | 186 | //self::logout(); |
| 187 | 187 | ||
| 188 | return false; | 188 | return false; |
| 189 | } | 189 | } |
| @@ -14,9 +14,7 @@ require_once 'inc/poche/global.inc.php'; | |||
| 14 | 14 | ||
| 15 | # Start session | 15 | # Start session |
| 16 | Session::$sessionName = 'poche'; | 16 | Session::$sessionName = 'poche'; |
| 17 | if ( !isset($_GET['login']) ) { | 17 | Session::init(); |
| 18 | Session::init(); | ||
| 19 | } | ||
| 20 | 18 | ||
| 21 | # Start Poche | 19 | # Start Poche |
| 22 | $poche = new Poche(); | 20 | $poche = new Poche(); |
| @@ -122,6 +120,7 @@ if (Session::isLogged()) { | |||
| 122 | } else { | 120 | } else { |
| 123 | $tpl_file = Tools::getTplFile('login'); | 121 | $tpl_file = Tools::getTplFile('login'); |
| 124 | $tpl_vars['http_auth'] = 0; | 122 | $tpl_vars['http_auth'] = 0; |
| 123 | Session::logout(); | ||
| 125 | } | 124 | } |
| 126 | 125 | ||
| 127 | # because messages can be added in $poche->action(), we have to add this entry now (we can add it before) | 126 | # because messages can be added in $poche->action(), we have to add this entry now (we can add it before) |