login: check for stale session in login handler, instead of authenticate_user()
[tt-rss.git] / classes / handler / public.php
index de9c9684a00336db2b37d1b8d4ddf967e8f01c5f..38a8d749b91179f8e0b4a6cb49e33cb87ad9a4c2 100755 (executable)
@@ -465,6 +465,14 @@ class Handler_Public extends Handler {
 
        function login() {
                if (!SINGLE_USER_MODE) {
+                       /* if a session is started here there's a stale login cookie we need to clean */
+
+                       if (session_status() != PHP_SESSION_NONE) {
+                               $_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
+
+                               header("Location: " . get_self_url_prefix());
+                               exit;
+                       }
 
                        $login = clean($_POST["login"]);
                        $password = clean($_POST["password"]);
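Review bot: The new branch in login() does not clean the stale session its comment refers to: it writes `login_error_msg` into that same session and redirects, so the pre-login session id and whatever data it holds stay in place. Unless a later step rotates the id (the rest of login() and authenticate_user() lie outside this hunk), the id that existed before authentication survives the login, which is the precondition for session fixation; calling `session_regenerate_id(true);` before the message is set would close that gap. The test `!= PHP_SESSION_NONE` is also true for `PHP_SESSION_DISABLED`, so `if (session_status() === PHP_SESSION_ACTIVE) {` states the intent exactly and avoids a redirect on every attempt when sessions are off. The comment would read better as `/* a session already active here means the browser sent a stale login cookie; report it and restart the login */`.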