implement some tweaks to session handling; properly remove session cookie if invalid/login failed
This commit is contained in:
parent
82d77deb28
commit
9ce7a5546c
5 changed files with 10 additions and 7 deletions
|
@ -11,6 +11,7 @@
|
||||||
chdir("..");
|
chdir("..");
|
||||||
|
|
||||||
define('TTRSS_SESSION_NAME', 'ttrss_api_sid');
|
define('TTRSS_SESSION_NAME', 'ttrss_api_sid');
|
||||||
|
define('NO_SESSION_AUTOSTART', true);
|
||||||
|
|
||||||
require_once "db.php";
|
require_once "db.php";
|
||||||
require_once "db-prefs.php";
|
require_once "db-prefs.php";
|
||||||
|
|
|
@ -515,7 +515,7 @@ class Handler_Public extends Handler {
|
||||||
|
|
||||||
$login = db_escape_string($this->link, $_POST["login"]);
|
$login = db_escape_string($this->link, $_POST["login"]);
|
||||||
$password = $_POST["password"];
|
$password = $_POST["password"];
|
||||||
$remember_me = $_POST["remember_me"];
|
/* $remember_me = $_POST["remember_me"];
|
||||||
|
|
||||||
if ($remember_me) {
|
if ($remember_me) {
|
||||||
session_set_cookie_params(SESSION_COOKIE_LIFETIME);
|
session_set_cookie_params(SESSION_COOKIE_LIFETIME);
|
||||||
|
@ -523,7 +523,7 @@ class Handler_Public extends Handler {
|
||||||
session_set_cookie_params(0);
|
session_set_cookie_params(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@session_start();
|
@session_start(); */
|
||||||
|
|
||||||
if (authenticate_user($this->link, $login, $password)) {
|
if (authenticate_user($this->link, $login, $password)) {
|
||||||
$_POST["password"] = "";
|
$_POST["password"] = "";
|
||||||
|
|
|
@ -756,9 +756,10 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$_SESSION["uid"]) {
|
if (!$_SESSION["uid"]) {
|
||||||
render_login_form($link);
|
|
||||||
@session_destroy();
|
@session_destroy();
|
||||||
setcookie(session_name(), '', time()-42000, '/');
|
setcookie(session_name(), '', time()-42000, '/');
|
||||||
|
|
||||||
|
render_login_form($link);
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -221,7 +221,7 @@ function bwLimitChange(elem) {
|
||||||
<label style='display : inline' for="bw_limit"><?php echo __("Use less traffic") ?></label>
|
<label style='display : inline' for="bw_limit"><?php echo __("Use less traffic") ?></label>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<?php if (SESSION_COOKIE_LIFETIME > 0) { ?>
|
<?php if (false && SESSION_COOKIE_LIFETIME > 0) { /* disabled for now */ ?>
|
||||||
|
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<label> </label>
|
<label> </label>
|
||||||
|
|
|
@ -15,10 +15,11 @@
|
||||||
ini_set("session.cookie_secure", true);
|
ini_set("session.cookie_secure", true);
|
||||||
}
|
}
|
||||||
|
|
||||||
ini_set("session.gc_probability", 50);
|
ini_set("session.gc_probability", 75);
|
||||||
ini_set("session.name", $session_name);
|
ini_set("session.name", $session_name);
|
||||||
ini_set("session.use_only_cookies", true);
|
ini_set("session.use_only_cookies", true);
|
||||||
ini_set("session.gc_maxlifetime", $session_expire);
|
ini_set("session.gc_maxlifetime", $session_expire);
|
||||||
|
ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));
|
||||||
|
|
||||||
global $session_connection;
|
global $session_connection;
|
||||||
|
|
||||||
|
@ -181,8 +182,8 @@
|
||||||
"ttrss_destroy", "ttrss_gc");
|
"ttrss_destroy", "ttrss_gc");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') {
|
if (!defined('NO_SESSION_AUTOSTART')) {
|
||||||
if (isset($_COOKIE[$session_name])) {
|
if (isset($_COOKIE[session_name()])) {
|
||||||
@session_start();
|
@session_start();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue