From 5160620c8a3c940688f60cc32abb2387a87139dd Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Thu, 28 Mar 2013 08:06:21 +0400
Subject: [PATCH] only autostart session if login cookie exists
---
 api/index.php | 3 +--
 classes/api.php | 2 ++
 classes/handler/public.php | 2 ++
 include/sessions.php | 4 +++-
 4 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/api/index.php b/api/index.php
index 147157946..d248c4f85 100644
--- a/api/index.php
+++ b/api/index.php
@@ -46,10 +46,9 @@
 if ($_REQUEST["sid"]) {
 session_id($_REQUEST["sid"]);
+ @session_start();
 }
- @session_start();
-
 if (!init_connection($link)) return;
 $method = strtolower($_REQUEST["op"]);
diff --git a/classes/api.php b/classes/api.php
index ba0eebb36..cf8b2dcfc 100644
--- a/classes/api.php
+++ b/classes/api.php
@@ -47,6 +47,8 @@ class API extends Handler {
 }
 function login() {
+ @session_start();
+
 $login = db_escape_string($this->link, $_REQUEST["user"]);
 $password = $_REQUEST["password"];
 $password_base64 = base64_decode($_REQUEST["password"]);
diff --git a/classes/handler/public.php b/classes/handler/public.php
index 94938e548..789db0614 100644
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -481,6 +481,8 @@ class Handler_Public extends Handler {
 function login() {
+ @session_start();
+
 $_SESSION["prefs_cache"] = array();
 if (!SINGLE_USER_MODE) {
diff --git a/include/sessions.php b/include/sessions.php
index 3355ec49e..a83daea82 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -105,6 +105,8 @@
 session_set_cookie_params(SESSION_COOKIE_LIFETIME);
 if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') {
- @session_start();
+ if ($_COOKIE[$session_name]) {
+ @session_start();
+ }
 }
 ?>
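Review bot: The `sid` request parameter is handed to `session_id()` unchecked in api/index.php, and with this change `@session_start()` runs only on that client-chosen value, so the API adopts whatever identifier the caller supplies; `$_REQUEST` also covers the query string, where ids end up in logs and referrers. I would guard the branch with `if (isset($_REQUEST["sid"]) && is_string($_REQUEST["sid"]) && preg_match('/^[A-Za-z0-9,-]+$/', $_REQUEST["sid"])) {` so array or malformed values never reach `session_id()`. The `@` also hides a failed start; testing the return value of `session_start()` and returning an API error would make that visible. The script continues outside this hunk, so later checks may exist that are not shown.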
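Review bot: `API::login()` in classes/api.php now opens the session before the credentials are checked, and nothing in the visible lines issues a new id once authentication succeeds; combined with api/index.php accepting a caller-supplied `sid`, a pre-set identifier would, as far as this hunk shows, survive into the authenticated session. Adding `session_regenerate_id(true);` immediately after the successful credential check closes that, and the same applies to `Handler_Public::login()` in classes/handler/public.php, which gets the identical `@session_start();` line. Both method bodies continue past their hunks, so confirm that no regeneration already happens further down. A short comment such as `// session is no longer autostarted for cookieless requests; start it explicitly here` would explain why the call is needed.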
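Review bot: In include/sessions.php, `$_COOKIE[$session_name]` is read without `isset()`, so every request that arrives without the cookie (the case this commit targets) raises an undefined-index notice, and the check depends on `$session_name` being assigned earlier in the file, which is outside this hunk. `if (isset($_COOKIE[$session_name])) {` expresses the same condition without the notice. Code that previously relied on the autostarted session for anonymous visitors will now see no session at all unless it calls `session_start()` itself, which is worth confirming for any pre-login state kept in `$_SESSION`.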