diff --git a/include/class.auth.php b/include/class.auth.php index a4f32d86bfc3ed88e9fd100a2309cbd58a172a41..e7b299a988743d945733a03fe2438bebbe144077 100644 --- a/include/class.auth.php +++ b/include/class.auth.php @@ -320,15 +320,6 @@ abstract class StaffAuthenticationBackend extends AuthenticationBackend { $_SESSION['TZ_OFFSET'] = $staff->getTZoffset(); $_SESSION['TZ_DST'] = $staff->observeDaylight(); - //Regenerate session id. - $sid = session_id(); //Current id - session_regenerate_id(true); - // Destroy old session ID - needed for PHP version < 5.1.0 - // DELME: remove when we move to php 5.3 as min. requirement. - if(($session=$ost->getSession()) && is_object($session) - && $sid!=session_id()) - $session->destroy($sid); - Signal::send('auth.login.succeeded', $staff); $staff->cancelResetTokens(); @@ -365,16 +356,14 @@ abstract class StaffAuthenticationBackend extends AuthenticationBackend { list($id, $auth) = explode(':', $_SESSION['_auth']['staff']['key']); if (!($bk=static::getBackend($id)) //get the backend - || !$bk->supportsAuthentication() //Make sure it can authenticate || !($staff = $bk->validate($auth)) //Get AuthicatedUser || !($staff instanceof Staff) || $staff->getId() != $_SESSION['_auth']['staff']['id'] // check ID - ) + ) return null; $staff->setAuthKey($_SESSION['_auth']['staff']['key']); - return $staff; } @@ -446,12 +435,6 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend { $user->getUserName(), $user->getId(), $_SERVER['REMOTE_ADDR']); $ost->logDebug('User login', $msg); - //Regenerate session ID. - $sid=session_id(); //Current session id. - session_regenerate_id(TRUE); //get new ID. - if(($session=$ost->getSession()) && is_object($session) && $sid!=session_id()) - $session->destroy($sid); - return true; } diff --git a/scp/login.php b/scp/login.php index 4356aaa615683ce2f1f292fe98cc15fa9773fee5..20f53938e163334af2db7e8f83d2d0e450ac35fa 100644 --- a/scp/login.php +++ b/scp/login.php 
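Review bot: The session-restore condition in the second hunk of include/class.auth.php no longer includes the `$bk->supportsAuthentication()` guard, so `validate($auth)` is now the only gate on which backend may vouch for a stored staff key, and nothing on the new side records why the check was safe to drop. If the intent is to let backends without password authentication restore an existing session, say so next to the condition, e.g. `// backends that cannot authenticate may still validate an existing session key`, and confirm that each backend's `validate()` rejects keys it did not issue. The `)` line appears to differ only in whitespace and could be left out of the patch. The enclosing method starts above the hunk, so this is based on the visible condition only.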
@@ -29,7 +29,8 @@ if($_POST) { $username = trim($_POST['userid']); if ($user = StaffAuthenticationBackend::process($username, $_POST['passwd'], $errors)) { - @header("Location: $dest"); + session_write_close(); + Http::redirect($dest); require_once('index.php'); //Just incase header is messed up. exit; } diff --git a/view.php b/view.php index 2398fff5628b9e0f380d38d53304352e650ecf66..b8590aab4f5ddaa25f004123dbfcbae950965a2a 100644 --- a/view.php +++ b/view.php @@ -16,16 +16,13 @@ **********************************************************************/ require_once('client.inc.php'); +// Try autologin the user +// Authenticated user can be of type ticket owner or collaborator +$errors = array(); +$user = UserAuthenticationBackend::processSignOn($errors); +if ($user && $user->getTicketId()) + Http::redirect('tickets.php?id='.$user->getTicketId()); -//If the user is NOT logged in - try auto-login (if params exists). -if (!$thisclient || !$thisclient->isValid()) { - // Try autologin the user - // Authenticated user can be of type ticket owner or collaborator - $errors = array(); - $user = UserAuthenticationBackend::processSignOn($errors); - if ($user && $user->getTicketId()) - @header('Location: tickets.php?id='.$user->getTicketId()); -} //Simply redirecting to tickets.php until multiview is implemented. require('tickets.php'); ?>
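Review bot: After a successful `StaffAuthenticationBackend::process()` the session is written and the browser is redirected while, as far as this diff shows, it keeps the session ID it had before authentication. This commit removes both `session_regenerate_id(true)` calls from include/class.auth.php (the staff and the user login hunks) and adds no replacement. Unless the ID is rotated somewhere not shown here, a pre-login session ID stays valid after login, which is the condition session fixation relies on. Rotating it before the write keeps that defence: `session_regenerate_id(true);` immediately before `session_write_close();`, with the equivalent on the client login path. The trailing `require_once('index.php'); exit;` is presumably unreachable if `Http::redirect()` ends the request, so either drop it or reword its comment to say when it still runs.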
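Review bot: `UserAuthenticationBackend::processSignOn($errors)` in view.php now runs on every request, including for a client who already holds a valid session, because the `!$thisclient || !$thisclient->isValid()` guard is gone. It is worth confirming that sign-on parameters in a request cannot silently replace the identity of an already signed-in client, and recording the decision above the call, e.g. `// Not gated on $thisclient on purpose: <reason>`. The redirect target concatenates `$user->getTicketId()` unescaped; `Http::redirect('tickets.php?id='.urlencode($user->getTicketId()));` keeps the query string well formed whatever the ID contains. Whether `require('tickets.php')` still executes after the redirect depends on `Http::redirect()` terminating the request, which is not visible in this diff.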