valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

login: check for stale session in login handler, instead of authenticate_user()

This commit is contained in:
Andrew Dolgov 2018-10-16 11:39:12 +03:00
parent f730d7bb0a
commit f8fc1ac543
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
classes/handler/public.php
View File

@ -465,6 +465,14 @@ class Handler_Public extends Handler {
function login() { function login() {
if (!SINGLE_USER_MODE) { if (!SINGLE_USER_MODE) {
/* if a session is started here there's a stale login cookie we need to clean */
if (session_status() != PHP_SESSION_NONE) {
$_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
header("Location: " . get_self_url_prefix());
exit;
}
$login = clean($_POST["login"]); $login = clean($_POST["login"]);
$password = clean($_POST["password"]); $password = clean($_POST["password"]);

7
include/functions.php
View File

@ -714,13 +714,6 @@
if ($user_id && !$check_only) { if ($user_id && !$check_only) {
/* if a session is started here there's a stale login cookie we need to clean */
if (session_status() != PHP_SESSION_NONE) {
$_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
return false;
}
session_regenerate_id(true); session_regenerate_id(true);
session_start(); session_start();