diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php
index da7a435..8c74755 100644
--- a/inc/3rdparty/Session.class.php
+++ b/inc/3rdparty/Session.class.php
@@ -51,7 +51,7 @@ class Session
 public static function init($longlastingsession = false)
 {
 //check if session name is correct
- if ( session_id() && session_id()!=self::$sessionName ) {
+ if ( (session_id() && !empty(self::$sessionName) && session_name()!=self::$sessionName) || $longlastingsession ) {
 session_destroy();
 }
@@ -71,7 +71,7 @@ class Session
 session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
 }
 else {
- session_set_cookie_params('', $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
+ session_set_cookie_params(0, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
 }
 //set server side valid session timeout
 //WARNING! this may not work in shared session environment. See http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime about min value: it can be set in any application
@@ -183,7 +183,7 @@ class Session
 || (self::$disableSessionProtection === false && $_SESSION['ip'] !== self::_allIPs()) || time() >= $_SESSION['expires_on']) {
- self::logout();
+ //self::logout();
 return false;
 }
diff --git a/index.php b/index.php
index bc28a19..fb13f38 100644
--- a/index.php
+++ b/index.php
@@ -14,9 +14,7 @@ require_once 'inc/poche/global.inc.php';
 # Start session
 Session::$sessionName = 'poche';
-if ( !isset($_GET['login']) ) {
- Session::init();
-}
+Session::init();
 # Start Poche
 $poche = new Poche();
@@ -122,6 +120,7 @@ if (Session::isLogged()) {
 } else {
 $tpl_file = Tools::getTplFile('login');
 $tpl_vars['http_auth'] = 0;
+ Session::logout();
 }
 # because messages can be added in $poche->action(), we have to add this entry now (we can add it before)
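Review bot: With `|| $longlastingsession` in the new condition of `init()` (first hunk of Session.class.php), `session_destroy()` is reached even when no session has been started, because the `session_id()` test now guards only the name comparison; PHP warns and returns false when asked to destroy an uninitialized session. Guarding both cases keeps the call safe: `if ( session_id() !== '' && ( $longlastingsession || ( !empty(self::$sessionName) && session_name() !== self::$sessionName ) ) ) {`. Also, `session_destroy()` does not discard the session cookie, so the id the client already holds is presumably reused when the session is started further down; if this path runs at login, a `session_regenerate_id(true);` after the session start would keep a pre-login id from carrying over into the authenticated session. The rest of `init()` is outside the hunk, so confirm whether that is already done.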
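Review bot: The cookie domain on the changed `session_set_cookie_params(0, ...)` line (second hunk of Session.class.php) is still `$_SERVER['HTTP_HOST']`, which is taken from the request's Host header rather than from configuration. That value can carry a port suffix, which is not a valid cookie domain, and an explicit domain makes the session cookie visible to subdomains as well. If sharing across subdomains is not intended, an empty domain gives a host-only cookie: `session_set_cookie_params(0, $cookiedir, '', $ssl, true);`, with the same change in the long-session branch just above it. The enclosing method continues outside the hunk.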
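Review bot: Commenting out `self::logout()` (third hunk of Session.class.php) means a session that fails this check — IP mismatch while protection is enabled, or `time() >= $_SESSION['expires_on']` — now only yields `false` and keeps its server-side data. Invalidation then depends on every caller: index.php adds `Session::logout()` in its not-logged branch in this same commit, but any other caller of this check (presumably `Session::isLogged()`, whose start is outside the hunk) would leave an expired session's data in place. Either restore the call, or replace the dead line with a comment that states the contract, e.g. `// Session is not invalidated here; callers must call Session::logout() when this returns false`.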