From: Michael Vogel Date: Tue, 22 Dec 2015 10:25:37 +0000 (+0100) Subject: Merge remote-tracking branch 'upstream/develop' into 1512-ostatus-comment X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=307beb47fd4930c665cb7d3032ca4405900af43d;p=friendica.git Merge remote-tracking branch 'upstream/develop' into 1512-ostatus-comment Conflicts: include/ostatus.php --- 307beb47fd4930c665cb7d3032ca4405900af43d diff --cc include/auth.php index 4c695cc1e3,4c695cc1e3..385f9f0cee --- a/include/auth.php +++ b/include/auth.php @@@ -5,6 -5,6 +5,8 @@@ require_once('include/security.php') require_once('include/datetime.php'); function nuke_session() { ++ session_unset(); ++/* new_cookie(0); // make sure cookie is deleted on browser close, as a security measure unset($_SESSION['authenticated']); @@@ -20,10 -20,10 +22,11 @@@ unset($_SESSION['my_address']); unset($_SESSION['addr']); unset($_SESSION['return_url']); ++*/ } --// login/logout ++// login/logout @@@ -31,7 -31,7 +34,7 @@@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) { if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) { -- ++ // process logout request call_hooks("logging_out"); nuke_session(); @@@ -203,9 -203,9 +206,14 @@@ else } function new_cookie($time) { ++ $a = get_app(); ++ $old_sid = session_id(); -- session_set_cookie_params("$time"); ++ session_set_cookie_params($time); ++ //session_set_cookie_params($time, "/", $a->get_hostname()); session_regenerate_id(false); q("UPDATE session SET sid = '%s' WHERE sid = '%s'", dbesc(session_id()), dbesc($old_sid)); ++ ++ logger("Session parameter lifetime: ".$time." - got: ".print_r(session_get_cookie_params(), true), LOGGER_DEBUG); } diff --cc include/session.php index dda84e77a8,6632b7e89a..11641d6cea --- a/include/session.php +++ b/include/session.php @@@ -79,7 -72,7 +79,7 @@@ ini_set('session.gc_probability', $gc_p ini_set('session.use_only_cookies', 1); ini_set('session.cookie_httponly', 1); -- --session_set_save_handler ('ref_session_open', 'ref_session_close', - 'ref_session_read', 'ref_session_write', - 'ref_session_destroy', 'ref_session_gc'); - 'ref_session_read', 'ref_session_write', - 'ref_session_destroy', 'ref_session_gc'); ++if (!get_config('system', 'disable_database_session')) ++ session_set_save_handler('ref_session_open', 'ref_session_close', ++ 'ref_session_read', 'ref_session_write', ++ 'ref_session_destroy', 'ref_session_gc');