Commit Graph

51 Commits (9de26d44da61f15d1be8762416ddd1f36a1baaa2)

Author SHA1 Message Date
Andrew Dolgov 6e774a58fe more php8 fixes mostly related to login 4 years ago
Andrew Dolgov da5deaaca1 set session.cookie_lifetime to 0 initially instead of a rather useless min() 4 years ago
Andrew Dolgov 57fac84516 rename gettext.inc to gettext.inc.php (cosmetic) 4 years ago
Andrew Dolgov 72d0fac80c remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way 5 years ago
Andrew Dolgov 6fbf349155 add hidden _SKIP_SESSION_UA_CHECKS tunable 6 years ago
Andrew Dolgov 5f66f872b6 fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks 6 years ago
Andrew Dolgov d246fb9fe1 remove session REMOTE_ADDR checks 6 years ago
Andrew Dolgov 5feed36a3c do not use separate _ssl cookie for secure sessions 6 years ago
Andrew Dolgov 65e98f4086 force regenerate session id on successful login, remove previous blank SID check 6 years ago
Andrew Dolgov 74736fce0f if empty session is autostarted because of a cookie, immediately destroy it 6 years ago
Andrew Dolgov 7d53c2b501 validate_session: bring back IP session binding (enabled by default) and UA checking 6 years ago
Andrew Dolgov 4d13514dd4 sessions: PDO 7 years ago
Andrew Dolgov 1b5b1e5fec sessions: use is_server_https() for secure cookie setting 7 years ago
Natan Frei e234ac8dcb $_SERVER['HTTPS'] can be exists and 'off' for non-https connectios 7 years ago
Andrew Dolgov 09628e1b1a rework previous 32 bit session stuff 7 years ago
Andrew Dolgov b465c28ee0 sessions: clip max expiry value to a 32bit integer 7 years ago
Andrew Dolgov ea79a0e033 remove some redundant php closing tags 8 years ago
Andrew Dolgov 7b55001eee fix various issues reported by static analysis
update gitlab-ci config
8 years ago
Andrew Dolgov 33d131d699 ttrss_gc: return true 9 years ago
Andrew Dolgov f5e66c439e remove SESSION_CHECK_ADDRESS 9 years ago
Andrew Dolgov ffc3a1e579 session: don't try to validate session schema version on empty sessions 10 years ago
Andrew Dolgov 3192fb43bc do not invalidate session when version_static and user agent changes 10 years ago
Andrew Dolgov 04a8c2065f better error reporting in session validation 11 years ago
Andrew Dolgov 3472c4c569 use static version for session checking, show latest changeset for git version instead of head date 12 years ago
Andrew Dolgov 6322ac79a0 remove $link 12 years ago
Andrew Dolgov 404e2e3603 more work on singleton-based DB 12 years ago
Andrew Dolgov 889a5f9f19 experimental SQL-based error logger 12 years ago
Andrew Dolgov 9ce7a5546c implement some tweaks to session handling; properly remove session cookie if invalid/login failed 12 years ago
Andrew Dolgov 810205625b session validation: check for tt-rss version 12 years ago
Andrew Dolgov 6f431804a9 remove session check/destroy stuff, looks problematic 12 years ago
Andrew Dolgov c35b6d8e14 initialize session connection in ttrss_open but define session_connection in global context 12 years ago
Andrew Dolgov 168680976f sessions: initialize connection on include, not in ttrss_open 12 years ago
Ryan Parrish f4bae03a6e Merge branch 'master' of https://github.com/stickystyle/Tiny-Tiny-RSS 12 years ago
Ryan Parrish 7081aaa09b add missing gettext libs 12 years ago
Andrew Dolgov 837ec70e3e validate_session: check for user agent 12 years ago
Andrew Dolgov e9b7469233 validate session on startup 12 years ago
Andrew Dolgov 8f49a2257b fix stuff broken by previous pull 12 years ago
all 48ec0b8526 Check that $_SESSION["uid"] is defined before checking value 12 years ago
Andrew Dolgov 2137d67496 sessions: properly check for cookie being set 12 years ago
Andrew Dolgov 6cfd3c149c remove SESSION_EXPIRE_TIME 12 years ago
Andrew Dolgov f231f438ba reimplement remember_me 12 years ago
Andrew Dolgov 60ed4c9ad5 add yet another workaround for stuck login due to session cookies 12 years ago
Andrew Dolgov 5160620c8a only autostart session if login cookie exists 12 years ago
Andrew Dolgov 3972bf5981 db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close() 12 years ago
Andrew Dolgov 5c81e817d3 enable mysql db session support 12 years ago
Andrew Dolgov 0295919648 attempt fix db_escape_string() invocation in sessions.php 12 years ago
Andrew Dolgov acfbab375d mute warnings caused by session_start() to deal with potential ps_files_cleanup_dir stuff 12 years ago
Andrew Dolgov 6addc13f46 sessions: prevent HTTPS warning 12 years ago
Andrew Dolgov 964f153371 api: use tt-rss session storage 12 years ago
Andrew Dolgov 09e8bdfd18 simplify default global config, expand sanity_check messages 13 years ago