From 74736fce0f89efbaa971e6817303e8840c4aed8f Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 15 Oct 2018 14:53:35 +0300 Subject: [PATCH] if empty session is autostarted because of a cookie, immediately destroy it --- include/sessions.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/sessions.php b/include/sessions.php index f625cd16f..2d17bfd8e 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -160,5 +160,9 @@ if (!defined('NO_SESSION_AUTOSTART')) { if (isset($_COOKIE[session_name()])) { @session_start(); + + if (!$_SESSION['uid']) { + logout_user(); + } } }