only destroy unlogged sessions

master
Andrew Dolgov 12 years ago
parent 4ad99f23ff
commit d0eef2a3b0

@ -744,7 +744,9 @@
cache_prefs($link); cache_prefs($link);
load_user_plugins($link, $_SESSION["uid"]); load_user_plugins($link, $_SESSION["uid"]);
} else { } else {
if (!$_SESSION["uid"] || !validate_session($link)) { if (!validate_session($link)) $_SESSION["uid"] = false;
if (!$_SESSION["uid"]) {
if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) { if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) {
$_SESSION["ref_schema_version"] = get_schema_version($link, true); $_SESSION["ref_schema_version"] = get_schema_version($link, true);
@ -752,12 +754,12 @@
authenticate_user($link, null, null, true); authenticate_user($link, null, null, true);
} }
if (!$_SESSION["uid"]) render_login_form($link); if (!$_SESSION["uid"]) {
render_login_form($link);
@session_destroy(); @session_destroy();
setcookie(session_name(), '', time()-42000, '/'); setcookie(session_name(), '', time()-42000, '/');
exit;
exit; }
} else { } else {
/* bump login timestamp */ /* bump login timestamp */

Loading…
Cancel
Save