From: Andrew Dolgov Date: Tue, 16 Oct 2018 08:39:12 +0000 (+0300) Subject: login: check for stale session in login handler, instead of authenticate_user() X-Git-Tag: 18.12~54 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=f8fc1ac54314dbd22c8673beb15d16780a0fc4c7;p=tt-rss.git login: check for stale session in login handler, instead of authenticate_user() --- diff --git a/classes/handler/public.php b/classes/handler/public.php index de9c9684..38a8d749 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -465,6 +465,14 @@ class Handler_Public extends Handler { function login() { if (!SINGLE_USER_MODE) { + /* if a session is started here there's a stale login cookie we need to clean */ + + if (session_status() != PHP_SESSION_NONE) { + $_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again"); + + header("Location: " . get_self_url_prefix()); + exit; + } $login = clean($_POST["login"]); $password = clean($_POST["password"]); diff --git a/include/functions.php b/include/functions.php index 5588590a..006d17a4 100755 --- a/include/functions.php +++ b/include/functions.php @@ -714,13 +714,6 @@ if ($user_id && !$check_only) { - /* if a session is started here there's a stale login cookie we need to clean */ - - if (session_status() != PHP_SESSION_NONE) { - $_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again"); - return false; - } - session_regenerate_id(true); session_start();