only autostart session if login cookie exists

This commit is contained in:
Andrew Dolgov 2013-03-28 08:06:21 +04:00
parent f820f205d0
commit 5160620c8a
4 changed files with 8 additions and 3 deletions

View file

@ -46,9 +46,8 @@
if ($_REQUEST["sid"]) { if ($_REQUEST["sid"]) {
session_id($_REQUEST["sid"]); session_id($_REQUEST["sid"]);
}
@session_start(); @session_start();
}
if (!init_connection($link)) return; if (!init_connection($link)) return;

View file

@ -47,6 +47,8 @@ class API extends Handler {
} }
function login() { function login() {
@session_start();
$login = db_escape_string($this->link, $_REQUEST["user"]); $login = db_escape_string($this->link, $_REQUEST["user"]);
$password = $_REQUEST["password"]; $password = $_REQUEST["password"];
$password_base64 = base64_decode($_REQUEST["password"]); $password_base64 = base64_decode($_REQUEST["password"]);

View file

@ -481,6 +481,8 @@ class Handler_Public extends Handler {
function login() { function login() {
@session_start();
$_SESSION["prefs_cache"] = array(); $_SESSION["prefs_cache"] = array();
if (!SINGLE_USER_MODE) { if (!SINGLE_USER_MODE) {

View file

@ -105,6 +105,8 @@
session_set_cookie_params(SESSION_COOKIE_LIFETIME); session_set_cookie_params(SESSION_COOKIE_LIFETIME);
if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') { if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') {
if ($_COOKIE[$session_name]) {
@session_start(); @session_start();
} }
}
?> ?>