fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks
This commit is contained in:
parent
d246fb9fe1
commit
5f66f872b6
|
@ -465,14 +465,6 @@ class Handler_Public extends Handler {
|
|||
|
||||
function login() {
|
||||
if (!SINGLE_USER_MODE) {
|
||||
/* if a session is started here there's a stale login cookie we need to clean */
|
||||
|
||||
if (session_status() != PHP_SESSION_NONE) {
|
||||
$_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
|
||||
|
||||
header("Location: " . get_self_url_prefix());
|
||||
exit;
|
||||
}
|
||||
|
||||
$login = clean($_POST["login"]);
|
||||
$password = clean($_POST["password"]);
|
||||
|
|
|
@ -714,8 +714,8 @@
|
|||
|
||||
if ($user_id && !$check_only) {
|
||||
|
||||
session_regenerate_id(true);
|
||||
session_start();
|
||||
session_regenerate_id(true);
|
||||
|
||||
$_SESSION["uid"] = $user_id;
|
||||
$_SESSION["version"] = VERSION_STATIC;
|
||||
|
|
|
@ -116,8 +116,17 @@
|
|||
$data = base64_encode($data);
|
||||
$expire = time() + $session_expire;
|
||||
|
||||
$sth = Db::pdo()->prepare("SELECT id FROM ttrss_sessions WHERE id=?");
|
||||
$sth->execute([$id]);
|
||||
|
||||
if ($row = $sth->fetch()) {
|
||||
$sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
|
||||
$sth->execute([$data, $expire, $id]);
|
||||
} else {
|
||||
$sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
|
||||
VALUES (?, ?, ?)");
|
||||
$sth->execute([$id, $data, $expire]);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue