From: Andrew Dolgov Date: Thu, 28 Mar 2013 04:06:21 +0000 (+0400) Subject: only autostart session if login cookie exists X-Git-Tag: 1.7.6~228 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=5160620c8a3c940688f60cc32abb2387a87139dd;p=tt-rss.git only autostart session if login cookie exists --- diff --git a/api/index.php b/api/index.php index 14715794..d248c4f8 100644 --- a/api/index.php +++ b/api/index.php @@ -46,10 +46,9 @@ if ($_REQUEST["sid"]) { session_id($_REQUEST["sid"]); + @session_start(); } - @session_start(); - if (!init_connection($link)) return; $method = strtolower($_REQUEST["op"]); diff --git a/classes/api.php b/classes/api.php index ba0eebb3..cf8b2dcf 100644 --- a/classes/api.php +++ b/classes/api.php @@ -47,6 +47,8 @@ class API extends Handler { } function login() { + @session_start(); + $login = db_escape_string($this->link, $_REQUEST["user"]); $password = $_REQUEST["password"]; $password_base64 = base64_decode($_REQUEST["password"]); diff --git a/classes/handler/public.php b/classes/handler/public.php index 94938e54..789db061 100644 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -481,6 +481,8 @@ class Handler_Public extends Handler { function login() { + @session_start(); + $_SESSION["prefs_cache"] = array(); if (!SINGLE_USER_MODE) { diff --git a/include/sessions.php b/include/sessions.php index 3355ec49..a83daea8 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -105,6 +105,8 @@ session_set_cookie_params(SESSION_COOKIE_LIFETIME); if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') { - @session_start(); + if ($_COOKIE[$session_name]) { + @session_start(); + } } ?>