login: check for stale session in login handler, instead of authenticate_user()

6 years ago · f8fc1ac543
parent f730d7bb0a
commit f8fc1ac543
2 changed files with 8 additions and 7 deletions
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@ -465,6 +465,14 @@ class Handler_Public extends Handler {

 	function login() {
 		if (!SINGLE_USER_MODE) {
+			/* if a session is started here there's a stale login cookie we need to clean */
+
+			if (session_status() != PHP_SESSION_NONE) {
+				$_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
+
+				header("Location: " . get_self_url_prefix());
+				exit;
+			}

 			$login = clean($_POST["login"]);
 			$password = clean($_POST["password"]);
--- a/include/functions.php
+++ b/include/functions.php
@ -714,13 +714,6 @@

 			if ($user_id && !$check_only) {

-				/* if a session is started here there's a stale login cookie we need to clean */
-
-				if (session_status() != PHP_SESSION_NONE) {
-					$_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
-					return false;
-				}
-
 				session_regenerate_id(true);
 				session_start();