From: Michael Vogel <icarus@dabo.de>
Date: Tue, 22 Dec 2015 10:25:37 +0000 (+0100)
Subject: Merge remote-tracking branch 'upstream/develop' into 1512-ostatus-comment
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=307beb47fd4930c665cb7d3032ca4405900af43d;p=friendica.git

Merge remote-tracking branch 'upstream/develop' into 1512-ostatus-comment

Conflicts:
	include/ostatus.php
---

307beb47fd4930c665cb7d3032ca4405900af43d
diff --cc include/auth.php
index 4c695cc1e3,4c695cc1e3..385f9f0cee
--- a/include/auth.php
+++ b/include/auth.php
@@@ -5,6 -5,6 +5,8 @@@ require_once('include/security.php')
  require_once('include/datetime.php');
  
  function nuke_session() {
++	session_unset();
++/*
  	new_cookie(0); // make sure cookie is deleted on browser close, as a security measure
  
  	unset($_SESSION['authenticated']);
@@@ -20,10 -20,10 +22,11 @@@
  	unset($_SESSION['my_address']);
  	unset($_SESSION['addr']);
  	unset($_SESSION['return_url']);
++*/
  }
  
  
--// login/logout 
++// login/logout
  
  
  
@@@ -31,7 -31,7 +34,7 @@@
  if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) {
  
  	if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) {
--	
++
  		// process logout request
  		call_hooks("logging_out");
  		nuke_session();
@@@ -203,9 -203,9 +206,14 @@@ else 
  }
  
  function new_cookie($time) {
++	$a = get_app();
++
  	$old_sid = session_id();
--	session_set_cookie_params("$time");
++	session_set_cookie_params($time);
++	//session_set_cookie_params($time, "/", $a->get_hostname());
  	session_regenerate_id(false);
  
  	q("UPDATE session SET sid = '%s' WHERE sid = '%s'", dbesc(session_id()), dbesc($old_sid));
++
++	logger("Session parameter lifetime: ".$time." - got: ".print_r(session_get_cookie_params(), true), LOGGER_DEBUG);
  }
diff --cc include/session.php
index dda84e77a8,6632b7e89a..11641d6cea
--- a/include/session.php
+++ b/include/session.php
@@@ -79,7 -72,7 +79,7 @@@ ini_set('session.gc_probability', $gc_p
  ini_set('session.use_only_cookies', 1);
  ini_set('session.cookie_httponly', 1);
  
--
--session_set_save_handler ('ref_session_open', 'ref_session_close',
- 			'ref_session_read', 'ref_session_write',
- 			'ref_session_destroy', 'ref_session_gc');
 -                            'ref_session_read', 'ref_session_write',
 -                            'ref_session_destroy', 'ref_session_gc');
++if (!get_config('system', 'disable_database_session'))
++	session_set_save_handler('ref_session_open', 'ref_session_close',
++				'ref_session_read', 'ref_session_write',
++				'ref_session_destroy', 'ref_session_gc');