From 74dffb3f63102eb306dc261acb905e539ac26d72 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Thu, 18 Oct 2012 13:26:25 -0400
Subject: [PATCH] Remove session_write_close() & make sure we don't destroy
 current session

---
 include/class.client.php | 6 ++----
 include/class.staff.php  | 4 +---
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/include/class.client.php b/include/class.client.php
index 087215ce7..a650adbbe 100644
--- a/include/class.client.php
+++ b/include/class.client.php
@@ -185,7 +185,7 @@ class Client {
                 $_SESSION['_client']['token'] = $user->getSessionToken();
                 $_SESSION['TZ_OFFSET'] = $cfg->getTZoffset();
                 $_SESSION['TZ_DST'] = $cfg->observeDaylightSaving();
-                
+                $user->refreshSession(); //set the hash.
                 //Log login info...
                 $msg=sprintf('%s/%s logged in [%s]', $ticket->getEmail(), $ticket->getExtId(), $_SERVER['REMOTE_ADDR']);
                 $ost->logDebug('User login', $msg);
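Review bot: The added `$user->refreshSession(); //set the hash.` runs before the session ID is rotated by `session_regenerate_id(TRUE)` in the next hunk, and the comment does not say which hash is set or what it is derived from. refreshSession() is not shown in this patch, so this is inferred: if the stored value depends on `session_id()`, it would be bound to the pre-login ID, and the call belongs after the regeneration. Once confirmed, a comment such as `//Set the session validation hash; not derived from session_id(), so safe before regeneration.` would make the ordering explicit. The enclosing login method starts and ends outside the hunk.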
@@ -193,11 +193,9 @@ class Client {
                 //Regenerate session ID.
                 $sid=session_id(); //Current session id.
                 session_regenerate_id(TRUE); //get new ID.
-                if(($session=$ost->getSession()) && is_object($session) && $sid)
+                if(($session=$ost->getSession()) && is_object($session) && $sid!=session_id())
                     $session->destroy($sid);
 
-                session_write_close();
-
                 return $user;
 
             } 
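Review bot: With the new guard `$sid!=session_id()`, an unchanged ID means `session_regenerate_id(TRUE)` did not rotate the session, yet the code only skips the destroy and still reaches `return $user;`, so the authenticated session keeps its pre-login ID (a session-fixation exposure). The return value of `session_regenerate_id(TRUE)` is not checked in the visible lines; testing it and logging or refusing the login when it is false would close that gap. The rewritten condition also drops the old non-empty test on `$sid` and compares loosely; `&& $sid && $sid!==session_id()` would keep the empty-ID guard and compare the IDs strictly as strings. The same condition is added in the class.staff.php hunk, and the enclosing methods extend beyond both hunks.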
diff --git a/include/class.staff.php b/include/class.staff.php
index 778041e7c..08e1a79e2 100644
--- a/include/class.staff.php
+++ b/include/class.staff.php
@@ -594,10 +594,8 @@ class Staff {
             $sid=session_id(); //Current id
             session_regenerate_id(TRUE);
             //Destroy old session ID - needed for PHP version < 5.1.0 TODO: remove when we move to php 5.3 as min. requirement.
-            if(($session=$ost->getSession()) && is_object($session) && $sid)
+            if(($session=$ost->getSession()) && is_object($session) && $sid!=session_id())
                 $session->destroy($sid);
-
-            session_write_close();
         
             return $user;
         }
-- 
GitLab