only destroy unlogged sessions

This commit is contained in:
Andrew Dolgov 2013-04-03 19:23:43 +04:00
parent 4ad99f23ff
commit d0eef2a3b0
1 changed files with 9 additions and 7 deletions

View File

@ -744,7 +744,9 @@
cache_prefs($link);
load_user_plugins($link, $_SESSION["uid"]);
} else {
if (!$_SESSION["uid"] || !validate_session($link)) {
if (!validate_session($link)) $_SESSION["uid"] = false;
if (!$_SESSION["uid"]) {
if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) {
$_SESSION["ref_schema_version"] = get_schema_version($link, true);
@ -752,12 +754,12 @@
authenticate_user($link, null, null, true);
}
if (!$_SESSION["uid"]) render_login_form($link);
if (!$_SESSION["uid"]) {
render_login_form($link);
@session_destroy();
setcookie(session_name(), '', time()-42000, '/');
exit;
}
} else {
/* bump login timestamp */