From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 16 Oct 2018 08:39:12 +0000 (+0300)
Subject: login: check for stale session in login handler, instead of authenticate_user()
X-Git-Tag: 18.12~54
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=f8fc1ac54314dbd22c8673beb15d16780a0fc4c7;p=tt-rss.git

login: check for stale session in login handler, instead of authenticate_user()
---

diff --git a/classes/handler/public.php b/classes/handler/public.php
index de9c9684..38a8d749 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -465,6 +465,14 @@ class Handler_Public extends Handler {
 
 	function login() {
 		if (!SINGLE_USER_MODE) {
+			/* if a session is started here there's a stale login cookie we need to clean */
+
+			if (session_status() != PHP_SESSION_NONE) {
+				$_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
+
+				header("Location: " . get_self_url_prefix());
+				exit;
+			}
 
 			$login = clean($_POST["login"]);
 			$password = clean($_POST["password"]);
diff --git a/include/functions.php b/include/functions.php
index 5588590a..006d17a4 100755
--- a/include/functions.php
+++ b/include/functions.php
@@ -714,13 +714,6 @@
 
 			if ($user_id && !$check_only) {
 
-				/* if a session is started here there's a stale login cookie we need to clean */
-
-				if (session_status() != PHP_SESSION_NONE) {
-					$_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
-					return false;
-				}
-
 				session_regenerate_id(true);
 				session_start();