Merge pull request #581 from mariroz/fix-session-livetime

fix of issue under nginx and php-fpm

inc/3rdparty/Session.class.php

@@ -51,7 +51,7 @@ class Session
     public static function init($longlastingsession = false)
     {
         //check if session name is correct
-        if ( session_id() && session_id()!=self::$sessionName ) {
+        if ( (session_id() && !empty(self::$sessionName) && session_name()!=self::$sessionName) || $longlastingsession ) {
             session_destroy();
         }
 
@@ -71,7 +71,7 @@ class Session
             session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
         }
         else {
-            session_set_cookie_params('', $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
+            session_set_cookie_params(0, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
         }
         //set server side valid session timeout
         //WARNING! this may not work in shared session environment. See http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime about min value: it can be set in any application
@@ -183,7 +183,7 @@ class Session
             || (self::$disableSessionProtection === false
                 && $_SESSION['ip'] !== self::_allIPs())
             || time() >= $_SESSION['expires_on']) {
-            self::logout();
+            //self::logout();
 
             return false;
         }

index.php

@@ -14,9 +14,7 @@ require_once 'inc/poche/global.inc.php';
 
 # Start session
 Session::$sessionName = 'poche';
-if ( !isset($_GET['login']) ) {
+Session::init();
-    Session::init();
-}
 
 # Start Poche
 $poche = new Poche();
@@ -122,6 +120,7 @@ if (Session::isLogged()) {
 } else {
     $tpl_file = Tools::getTplFile('login');
     $tpl_vars['http_auth'] = 0;
+    Session::logout();
 }
 
 # because messages can be added in $poche->action(), we have to add this entry now (we can add it before)