Commit 5160620c authored by Andrew Dolgov's avatar Andrew Dolgov

only autostart session if login cookie exists

parent f820f205
......@@ -46,10 +46,9 @@
if ($_REQUEST["sid"]) {
session_id($_REQUEST["sid"]);
@session_start();
}
@session_start();
if (!init_connection($link)) return;
$method = strtolower($_REQUEST["op"]);
......
......@@ -47,6 +47,8 @@ class API extends Handler {
}
function login() {
@session_start();
$login = db_escape_string($this->link, $_REQUEST["user"]);
$password = $_REQUEST["password"];
$password_base64 = base64_decode($_REQUEST["password"]);
......
......@@ -481,6 +481,8 @@ class Handler_Public extends Handler {
function login() {
@session_start();
$_SESSION["prefs_cache"] = array();
if (!SINGLE_USER_MODE) {
......
......@@ -105,6 +105,8 @@
session_set_cookie_params(SESSION_COOKIE_LIFETIME);
if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') {
@session_start();
if ($_COOKIE[$session_name]) {
@session_start();
}
}
?>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment