From 6571f3bf10160c9c5059e985b701c511428cb969 Mon Sep 17 00:00:00 2001
From: aydreeihn <adriane@enhancesoft.com>
Date: Fri, 9 Mar 2018 08:32:04 -0600
Subject: [PATCH] login: Fix CSRF fail, add shake effect on authentication fail
 #3955 (minor fix to SQL query generated)

---
 include/class.ostsession.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/include/class.ostsession.php b/include/class.ostsession.php
index 609bfda00..2c3999041 100644
--- a/include/class.ostsession.php
+++ b/include/class.ostsession.php
@@ -183,10 +183,12 @@ extends SessionBackend {
     function read($id) {
         try {
             $this->data = SessionData::objects()
-                ->filter(['session_id' => $id])
-                ->annotate(['age' => SqlFunction::NOW()->minus(new SqlField('session_expire'))])
-                ->one();
-            if ($this->data->age > 0) {
+              ->filter(['session_id' => $id])
+              ->annotate(array('is_expired' =>
+                new SqlExpr(new Q(array('session_expire__lt' => SqlFunction::NOW())))))
+              ->one();
+
+            if ($this->data->is_expired > 0) {
                 // session_expire is in the past. Pretend it is expired and
                 // reset the data. This will assist with CSRF issues
                 $this->data->session_data='';
-- 
GitLab