diff --git a/backend.php b/backend.php index 67bdabb56..656dcbf9c 100644 --- a/backend.php +++ b/backend.php @@ -2,11 +2,9 @@ require_once "sessions.php"; require_once "modules/backend-rpc.php"; - header("Cache-Control: no-cache, must-revalidate"); - header("Cache-Control: no-cache, must-revalidate"); - + header("Cache-Control: no-cache, max-age=0, must-revalidate"); header("Pragma: no-cache"); - header("Expires: -1"); + header("Expires: " . gmdate("D, d M Y H:i:s", time()) . " GMT"); /* if ($_GET["debug"]) { define('DEFAULT_ERROR_LEVEL', E_ALL); diff --git a/functions.php b/functions.php index 98bfc2e64..49955b63f 100644 --- a/functions.php +++ b/functions.php @@ -1192,49 +1192,17 @@ } } -/* if ($_COOKIE[get_session_cookie_name()]) { - require_once "sessions.php"; -} */ - $login_action = $_POST["login_action"]; -/* if (!validate_session($link) && $login_action != "do_login") { - logout_user(); - render_login_form($link); - exit; -} */ - - $session_started = false; - # try to authenticate user if called from login form if ($login_action == "do_login") { $login = $_POST["login"]; $password = $_POST["password"]; $remember_me = $_POST["remember_me"]; - if ($remember_me) { - session_set_cookie_params(SESSION_COOKIE_LIFETIME_REMEMBER); - } else { - session_set_cookie_params(SESSION_COOKIE_LIFETIME); - } - - require_once "sessions.php"; - - $session_started = true; - if (authenticate_user($link, $login, $password)) { $_POST["password"] = ""; - if ($remember_me) { - $_SESSION["cookie_lifetime"] = time() + - SESSION_COOKIE_LIFETIME_REMEMBER; - } else if (SESSION_COOKIE_LIFETIME) { - $_SESSION["cookie_lifetime"] = time() + SESSION_COOKIE_LIFETIME; - } - - setcookie("ttrss_cltime", $_SESSION["cookie_lifetime"], - $_SESSION["cookie_lifetime"]); - header("Location: " . $_SERVER["REQUEST_URI"]); exit; @@ -1244,17 +1212,16 @@ } } - if (!$session_started) { - require_once "sessions.php"; - } +// print session_id(); +// print_r($_SESSION); if (!$_SESSION["uid"] || !validate_session($link)) { render_login_form($link); exit; } + } else { - require_once "sessions.php"; return authenticate_user($link, "admin", null); } } diff --git a/login_form.php b/login_form.php index 0ecf3cc12..7ee53eb90 100644 --- a/login_form.php +++ b/login_form.php @@ -50,10 +50,10 @@ window.onload = init;