fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks

This commit is contained in:
Andrew Dolgov 2018-10-16 14:07:42 +03:00
parent d246fb9fe1
commit 5f66f872b6
3 changed files with 27 additions and 26 deletions

View File

@ -465,14 +465,6 @@ class Handler_Public extends Handler {
function login() {
if (!SINGLE_USER_MODE) {
/* if a session is started here there's a stale login cookie we need to clean */
if (session_status() != PHP_SESSION_NONE) {
$_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
header("Location: " . get_self_url_prefix());
exit;
}
$login = clean($_POST["login"]);
$password = clean($_POST["password"]);

View File

@ -714,8 +714,8 @@
if ($user_id && !$check_only) {
session_regenerate_id(true);
session_start();
session_regenerate_id(true);
$_SESSION["uid"] = $user_id;
$_SESSION["version"] = VERSION_STATIC;

View File

@ -116,8 +116,17 @@
$data = base64_encode($data);
$expire = time() + $session_expire;
$sth = Db::pdo()->prepare("SELECT id FROM ttrss_sessions WHERE id=?");
$sth->execute([$id]);
if ($row = $sth->fetch()) {
$sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
$sth->execute([$data, $expire, $id]);
} else {
$sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
VALUES (?, ?, ?)");
$sth->execute([$id, $data, $expire]);
}
return true;
}