From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 15 Oct 2018 11:53:35 +0000 (+0300)
Subject: if empty session is autostarted because of a cookie, immediately destroy it
X-Git-Tag: 18.12~60
X-Git-Url: https://git.wh0rd.org/?p=tt-rss.git;a=commitdiff_plain;h=74736fce0f89efbaa971e6817303e8840c4aed8f

if empty session is autostarted because of a cookie, immediately destroy it
---

diff --git a/include/sessions.php b/include/sessions.php
index f625cd16..2d17bfd8 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -160,5 +160,9 @@
 	if (!defined('NO_SESSION_AUTOSTART')) {
 		if (isset($_COOKIE[session_name()])) {
 			@session_start();
+
+			if (!$_SESSION['uid']) {
+				logout_user();
+			}
 		}
 	}