login system fixes (3)
[tt-rss.git] / sessions.php
index 44d2f746da2be408f7ff0133996f7da332a1ab64..e1356262807bf3d8c7cc586956934948055b314f 100644 (file)
@@ -1,13 +1,16 @@
-<?
+<?php
        // Original from http://www.daniweb.com/code/snippet43.html
 
        require_once "config.php";
        require_once "db.php";
 
-       $session_expire = 3600; //seconds
+       $session_expire = SESSION_EXPIRE_TIME; //seconds
+       $session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
 
        ini_set("session.gc_probability", 50);
-       ini_set("session.name", "ttrss_sid");
+       ini_set("session.name", $session_name);
+       ini_set("session.use_only_cookies", true);
+       ini_set("session.gc_maxlifetime", SESSION_EXPIRE_TIME);
 
        function open ($s, $n) {
        
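Review bot: `SESSION_EXPIRE_TIME` is used on two added lines (`$session_expire` and `session.gc_maxlifetime`) without the `defined()` fallback that the neighbouring line gives `TTRSS_SESSION_NAME`, so a config.php that predates the constant leaves both with a non-numeric value on PHP versions that treat an undefined constant as its own name. A guard after the `require_once` lines, `if (!defined('SESSION_EXPIRE_TIME')) define('SESSION_EXPIRE_TIME', 3600);`, keeps the old one-hour default. Now that `session.use_only_cookies` is set here, `ini_set("session.cookie_httponly", true);` belongs next to it so that page scripts cannot read the session id. The hunk ends inside `open()`, whose body is not shown.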
        
                global $session_connection,$session_read;                                        
 
-               $ip_address = $_SERVER["REMOTE_ADDR"];
-
-               if (SESSION_CHECK_ADDRESS) {
-                       $address_check_qpart = " AND ip_address = '$ip_address'";
-               }
-
                $query = "SELECT data FROM ttrss_sessions WHERE id='$id' $address_check_qpart";
 
                $res = db_query($session_connection, $query);
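Review bot: The SELECT on the unchanged line below the removed block still interpolates `$address_check_qpart`, which nothing assigns any more, so the query relies on an undefined variable expanding to an empty string and raises a notice on every session read. The line should become `$query = "SELECT data FROM ttrss_sessions WHERE id='$id'";`. The same leftover is in the UPDATE and DELETE statements of the following hunks. The enclosing function starts before and continues after the hunk.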
                
                $data = db_escape_string(base64_encode($data), $session_connection);
                
-               $ip_address = $_SERVER["REMOTE_ADDR"];
-
-               if (SESSION_CHECK_ADDRESS) {
-                       $address_check_qpart = " AND ip_address = '$ip_address'";
-               }
-               
                if ($session_read) {
                        $query = "UPDATE ttrss_sessions SET data='$data', 
                                        expire='$expire' WHERE id='$id' $address_check_qpart"; 
                } else {
-                       $query = "INSERT INTO ttrss_sessions (id, data, expire, ip_address)
-                                       VALUES ('$id', '$data', '$expire', '$ip_address')";
+                       $query = "INSERT INTO ttrss_sessions (id, data, expire)
+                                       VALUES ('$id', '$data', '$expire')";
                }
                
                db_query($session_connection, $query);
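Review bot: `$id` is placed inside quotes in both the UPDATE and the INSERT, and within this hunk only `$data` goes through `db_escape_string()`. The session id is taken from the client's cookie, so it needs the same treatment unless that already happens above the hunk, which is not visible here. Adding `$id = db_escape_string($id, $session_connection);` before the queries closes that, and the SELECT and DELETE in the neighbouring hunks interpolate `$id` the same way. The function's signature and the assignment of `$expire` are outside the hunk.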
        
                global $session_connection;
 
-               $ip_address = $_SERVER["REMOTE_ADDR"];
-
-               if (SESSION_CHECK_ADDRESS) {
-                       $address_check_qpart = " AND ip_address = '$ip_address'";
-               }
-
                $query = "DELETE FROM ttrss_sessions WHERE id = '$id' $address_check_qpart";
                
                db_query($session_connection, $query);
        }
 
        if (DATABASE_BACKED_SESSIONS) {
-               session_set_save_handler ("open", "close", "read", "write", "destroy", "gc");
+               session_set_save_handler("open", "close", "read", "write", "destroy", "gc");
        }
-       
+
+//     session_set_cookie_params(SESSION_COOKIE_LIFETIME_REMEMBER);
+
        session_start();
 ?>
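Review bot: The added `// session_set_cookie_params(SESSION_COOKIE_LIFETIME_REMEMBER);` is committed as dead code with no explanation, and `SESSION_COOKIE_LIFETIME_REMEMBER` is not defined anywhere in this diff. Either drop the line or replace it with a comment that says what is pending, for example `// TODO: set the cookie lifetime for remembered logins before session_start()`.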