diff options
-rw-r--r-- | include/session.php | 6 | ||||
-rwxr-xr-x | index.php | 2 | ||||
-rw-r--r-- | version.inc | 2 |
3 files changed, 7 insertions, 3 deletions
diff --git a/include/session.php b/include/session.php index be1ec5ee7..b531688e2 100644 --- a/include/session.php +++ b/include/session.php @@ -11,7 +11,11 @@ $session_expire = 180000; function new_cookie($time) { $old_sid = session_id(); - session_set_cookie_params("$time"); + +// ??? This shouldn't have any effect if called after session_start() +// We probably need to set the session expiration and change the PHPSESSID cookie. + + session_set_cookie_params($time); session_regenerate_id(false); q("UPDATE session SET sid = '%s' WHERE sid = '%s'", dbesc(session_id()), dbesc($old_sid)); @@ -60,7 +60,7 @@ if(! $a->install) { if(intval($a->config['system']['ssl_cookie_protection'])) { $arr = session_get_cookie_params(); session_set_cookie_params( - ((isset($arr['lifetime'])) ? $arr['lifetime'] : 60*5), + ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0), ((isset($arr['path'])) ? $arr['path'] : '/'), ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()), ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false), diff --git a/version.inc b/version.inc index 0cb3f0576..a7de0fb96 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2014-05-11.672 +2014-05-12.673 |