only autostart session if login cookie exists

diff --git a/api/index.php b/api/index.php
index 147157946ab4dfdd389931334a9bd5b8d474eae8..d248c4f85ea2ca856659adb884ce730124882163 100644 (file)
--- a/api/index.php
+++ b/api/index.php
@@ -46,10 +46,9 @@
 
        if ($_REQUEST["sid"]) {
                session_id($_REQUEST["sid"]);
+               @session_start();
        }
 
-       @session_start();
-
        if (!init_connection($link)) return;
 
        $method = strtolower($_REQUEST["op"]);

diff --git a/classes/api.php b/classes/api.php
index ba0eebb368c88a3beb394183dcf8a4b58f25240c..cf8b2dcfca93d95dffe395c9d2162b0f380a737f 100644 (file)
--- a/classes/api.php
+++ b/classes/api.php
@@ -47,6 +47,8 @@ class API extends Handler {
        }
 
        function login() {
+               @session_start();
+
                $login = db_escape_string($this->link, $_REQUEST["user"]);
                $password = $_REQUEST["password"];
                $password_base64 = base64_decode($_REQUEST["password"]);

diff --git a/classes/handler/public.php b/classes/handler/public.php
index 94938e5480f90da6902aa4fdf3e403ab01254d73..789db0614b18bfd9981309821dfacd9c7c798979 100644 (file)
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -481,6 +481,8 @@ class Handler_Public extends Handler {
 
        function login() {
 
+               @session_start();
+
                $_SESSION["prefs_cache"] = array();
 
                if (!SINGLE_USER_MODE) {

diff --git a/include/sessions.php b/include/sessions.php
index 3355ec49e8326faacd21a6cf612133afe8a43bdd..a83daea82489d77ba561f4f4e2b37513eb56bd48 100644 (file)
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -105,6 +105,8 @@
        session_set_cookie_params(SESSION_COOKIE_LIFETIME);
 
        if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') {
-               @session_start();
+               if ($_COOKIE[$session_name]) {
+                       @session_start();
+               }
        }
 ?>