login: check for stale session in login handler, instead of authenticate_user()

diff --git a/classes/handler/public.php b/classes/handler/public.php
index de9c9684a00336db2b37d1b8d4ddf967e8f01c5f..38a8d749b91179f8e0b4a6cb49e33cb87ad9a4c2 100755 (executable)
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -465,6 +465,14 @@ class Handler_Public extends Handler {
 
        function login() {
                if (!SINGLE_USER_MODE) {
+                       /* if a session is started here there's a stale login cookie we need to clean */
+
+                       if (session_status() != PHP_SESSION_NONE) {
+                               $_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
+
+                               header("Location: " . get_self_url_prefix());
+                               exit;
+                       }
 
                        $login = clean($_POST["login"]);
                        $password = clean($_POST["password"]);

diff --git a/include/functions.php b/include/functions.php
index 5588590a85c2ab8a99268af9db4d20fef498d308..006d17a4887c3683920bd73b2d5bdbaddd8345ef 100755 (executable)
--- a/include/functions.php
+++ b/include/functions.php
@@ -714,13 +714,6 @@
 
                        if ($user_id && !$check_only) {
 
-                               /* if a session is started here there's a stale login cookie we need to clean */
-
-                               if (session_status() != PHP_SESSION_NONE) {
-                                       $_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
-                                       return false;
-                               }
-
                                session_regenerate_id(true);
                                session_start();