implement some tweaks to session handling; properly remove session cookie if invalid...

[tt-rss.git] / include / sessions.php

diff --git a/include/sessions.php b/include/sessions.php
index 0edda4ec7d55ae6d556b7bf020fc55388166d6fd..402e8b8deca2c26922e75f8c6dd2b78c9cf5e64e 100644 (file)
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -15,10 +15,11 @@
                ini_set("session.cookie_secure", true);
        }
 
-       ini_set("session.gc_probability", 50);
+       ini_set("session.gc_probability", 75);
        ini_set("session.name", $session_name);
        ini_set("session.use_only_cookies", true);
        ini_set("session.gc_maxlifetime", $session_expire);
+       ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));
 
        global $session_connection;
 
@@ -181,8 +182,8 @@
                        "ttrss_destroy", "ttrss_gc");
        }
 
-       if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') {
-               if (isset($_COOKIE[$session_name])) {
+       if (!defined('NO_SESSION_AUTOSTART')) {
+               if (isset($_COOKIE[session_name()])) {
                        @session_start();
                }
        }