From f8fc1ac54314dbd22c8673beb15d16780a0fc4c7 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 16 Oct 2018 11:39:12 +0300
Subject: [PATCH] login: check for stale session in login handler, instead of
 authenticate_user()

---
 classes/handler/public.php | 8 ++++++++
 include/functions.php      | 7 -------
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/classes/handler/public.php b/classes/handler/public.php
index de9c9684..38a8d749 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -465,6 +465,14 @@ class Handler_Public extends Handler {
 
 	function login() {
 		if (!SINGLE_USER_MODE) {
+			/* if a session is started here there's a stale login cookie we need to clean */
+
+			if (session_status() != PHP_SESSION_NONE) {
+				$_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
+
+				header("Location: " . get_self_url_prefix());
+				exit;
+			}
 
 			$login = clean($_POST["login"]);
 			$password = clean($_POST["password"]);
diff --git a/include/functions.php b/include/functions.php
index 5588590a..006d17a4 100755
--- a/include/functions.php
+++ b/include/functions.php
@@ -714,13 +714,6 @@
 
 			if ($user_id && !$check_only) {
 
-				/* if a session is started here there's a stale login cookie we need to clean */
-
-				if (session_status() != PHP_SESSION_NONE) {
-					$_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
-					return false;
-				}
-
 				session_regenerate_id(true);
 				session_start();
 
-- 
2.39.2