implement some tweaks to session handling; properly remove session cookie if invalid/login failed
This commit is contained in:
Andrew Dolgov
parent
82d77deb28
commit
9ce7a5546c
5 changed files with 10 additions and 7 deletions
|
|
@ -11,6 +11,7 @@
|
|||
chdir("..");
|
||||
|
||||
define('TTRSS_SESSION_NAME', 'ttrss_api_sid');
|
||||
define('NO_SESSION_AUTOSTART', true);
|
||||
|
||||
require_once "db.php";
|
||||
require_once "db-prefs.php";
|
||||
|
|
|
|||
|
|
@ -515,7 +515,7 @@ class Handler_Public extends Handler {
|
|||
|
||||
$login = db_escape_string($this->link, $_POST["login"]);
|
||||
$password = $_POST["password"];
|
||||
$remember_me = $_POST["remember_me"];
|
||||
/* $remember_me = $_POST["remember_me"];
|
||||
|
||||
if ($remember_me) {
|
||||
session_set_cookie_params(SESSION_COOKIE_LIFETIME);
|
||||
|
|
@ -523,7 +523,7 @@ class Handler_Public extends Handler {
|
|||
session_set_cookie_params(0);
|
||||
}
|
||||
|
||||
@session_start();
|
||||
@session_start(); */
|
||||
|
||||
if (authenticate_user($this->link, $login, $password)) {
|
||||
$_POST["password"] = "";
|
||||
|
|
|
|||
|
|
@ -756,9 +756,10 @@
|
|||
}
|
||||
|
||||
if (!$_SESSION["uid"]) {
|
||||
render_login_form($link);
|
||||
@session_destroy();
|
||||
setcookie(session_name(), '', time()-42000, '/');
|
||||
|
||||
render_login_form($link);
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -221,7 +221,7 @@ function bwLimitChange(elem) {
|
|||
<label style='display : inline' for="bw_limit"><?php echo __("Use less traffic") ?></label>
|
||||
</div>
|
||||
|
||||
<?php if (SESSION_COOKIE_LIFETIME > 0) { ?>
|
||||
<?php if (false && SESSION_COOKIE_LIFETIME > 0) { /* disabled for now */ ?>
|
||||
|
||||
<div class="row">
|
||||
<label> </label>
|
||||
|
|
|
|||
|
|
@ -15,10 +15,11 @@
|
|||
ini_set("session.cookie_secure", true);
|
||||
}
|
||||
|
||||
ini_set("session.gc_probability", 50);
|
||||
ini_set("session.gc_probability", 75);
|
||||
ini_set("session.name", $session_name);
|
||||
ini_set("session.use_only_cookies", true);
|
||||
ini_set("session.gc_maxlifetime", $session_expire);
|
||||
ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));
|
||||
|
||||
global $session_connection;
|
||||
|
||||
|
|
@ -181,8 +182,8 @@
|
|||
"ttrss_destroy", "ttrss_gc");
|
||||
}
|
||||
|
||||
if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') {
|
||||
if (isset($_COOKIE[$session_name])) {
|
||||
if (!defined('NO_SESSION_AUTOSTART')) {
|
||||
if (isset($_COOKIE[session_name()])) {
|
||||
@session_start();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue