]> git.wh0rd.org - tt-rss.git/blobdiff - include/functions.php
git.wh0rd.org / tt-rss.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
another attempt to enforce session ID regeneration on login
[tt-rss.git] / include / functions.php
diff --git a/include/functions.php b/include/functions.php
index a04a393ec3382c4fd852080e756f3cbc3e2d5e61..5588590a85c2ab8a99268af9db4d20fef498d308 100755 (executable)
--- a/include/functions.php
+++ b/include/functions.php
@@ -714,9 +714,11 @@
 
                        if ($user_id && !$check_only) {
 
+                               /* if a session is started here there's a stale login cookie we need to clean */
+
                                if (session_status() != PHP_SESSION_NONE) {
-                                       session_destroy();
-                                       session_commit();
+                                       $_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
+                                       return false;
                                }
 
                                session_regenerate_id(true);
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/