diff --git a/classes/handler/public.php b/classes/handler/public.php
index 7cce7d71b..de9c9684a 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -503,7 +503,9 @@ class Handler_Public extends Handler {
 // start an empty session to deliver login error message
 @session_start();
- $_SESSION["login_error_msg"] = __("Incorrect username or password");
+ if (!isset($_SESSION["login_error_msg"]))
+ $_SESSION["login_error_msg"] = __("Incorrect username or password");
+ user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
 }
diff --git a/include/functions.php b/include/functions.php
index a04a393ec..5588590a8 100755
--- a/include/functions.php
+++ b/include/functions.php
@@ -714,9 +714,11 @@ if ($user_id && !$check_only) {
+ /* if a session is started here there's a stale login cookie we need to clean */
+ if (session_status() != PHP_SESSION_NONE) {
- session_destroy();
- session_commit();
+ $_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
+ return false;
 }
 session_regenerate_id(true);
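Review bot: In classes/handler/public.php the new `if (!isset($_SESSION["login_error_msg"]))` guard keeps whatever message is already in the session, and because `@session_start()` just above it resumes an existing session, a message left over from an earlier request would be shown instead of the default one. That is only safe if the key is removed once it has been rendered, which is not visible in this hunk; if it is not, the code that prints the message should finish with `unset($_SESSION["login_error_msg"]);`. The `user_error("Failed login attempt ...")` line below the guard presumably also runs when the login was refused for a stale session rather than for bad credentials, so anything that counts these warnings for brute-force detection would see false positives; a distinct log text for that case would keep the signal clean. The enclosing method starts and ends outside the hunk.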
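Review bot: In include/functions.php the added comment says the stale login cookie needs to be cleaned, but the new branch only stores a message and returns false; the `session_destroy()` / `session_commit()` calls are removed and `session_regenerate_id(true)` is no longer reached on this path. If nothing outside the hunk discards that session after the message is shown, every later login attempt carrying the same cookie would take this branch again, and the old session id stays valid. I would reword the comment to match the behaviour, e.g. `/* an already-active session here means a stale login cookie: refuse the login and report it */`, and confirm where the stale session is actually invalidated. The enclosing function begins and ends outside the hunk.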