From 5160620c8a3c940688f60cc32abb2387a87139dd Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Thu, 28 Mar 2013 08:06:21 +0400 Subject: [PATCH] only autostart session if login cookie exists --- api/index.php | 3 +-- classes/api.php | 2 ++ classes/handler/public.php | 2 ++ include/sessions.php | 4 +++- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/api/index.php b/api/index.php index 14715794..d248c4f8 100644 --- a/api/index.php +++ b/api/index.php @@ -46,10 +46,9 @@ if ($_REQUEST["sid"]) { session_id($_REQUEST["sid"]); + @session_start(); } - @session_start(); - if (!init_connection($link)) return; $method = strtolower($_REQUEST["op"]); diff --git a/classes/api.php b/classes/api.php index ba0eebb3..cf8b2dcf 100644 --- a/classes/api.php +++ b/classes/api.php @@ -47,6 +47,8 @@ class API extends Handler { } function login() { + @session_start(); + $login = db_escape_string($this->link, $_REQUEST["user"]); $password = $_REQUEST["password"]; $password_base64 = base64_decode($_REQUEST["password"]); diff --git a/classes/handler/public.php b/classes/handler/public.php index 94938e54..789db061 100644 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -481,6 +481,8 @@ class Handler_Public extends Handler { function login() { + @session_start(); + $_SESSION["prefs_cache"] = array(); if (!SINGLE_USER_MODE) { diff --git a/include/sessions.php b/include/sessions.php index 3355ec49..a83daea8 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -105,6 +105,8 @@ session_set_cookie_params(SESSION_COOKIE_LIFETIME); if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') { - @session_start(); + if ($_COOKIE[$session_name]) { + @session_start(); + } } ?> -- 2.39.5