From d0eef2a3b0569db718f43fd56ca11f85a93d64e9 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 3 Apr 2013 19:23:43 +0400 Subject: [PATCH] only destroy unlogged sessions --- include/functions.php | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/include/functions.php b/include/functions.php index 05f184ea..f4f6ed20 100644 --- a/include/functions.php +++ b/include/functions.php @@ -744,7 +744,9 @@ cache_prefs($link); load_user_plugins($link, $_SESSION["uid"]); } else { - if (!$_SESSION["uid"] || !validate_session($link)) { + if (!validate_session($link)) $_SESSION["uid"] = false; + + if (!$_SESSION["uid"]) { if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) { $_SESSION["ref_schema_version"] = get_schema_version($link, true); @@ -752,12 +754,12 @@ authenticate_user($link, null, null, true); } - if (!$_SESSION["uid"]) render_login_form($link); - - @session_destroy(); - setcookie(session_name(), '', time()-42000, '/'); - - exit; + if (!$_SESSION["uid"]) { + render_login_form($link); + @session_destroy(); + setcookie(session_name(), '', time()-42000, '/'); + exit; + } } else { /* bump login timestamp */ -- 2.39.5