aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/session.php6
-rwxr-xr-xindex.php2
-rw-r--r--version.inc2
3 files changed, 7 insertions, 3 deletions
diff --git a/include/session.php b/include/session.php
index be1ec5ee7..b531688e2 100644
--- a/include/session.php
+++ b/include/session.php
@@ -11,7 +11,11 @@ $session_expire = 180000;
function new_cookie($time) {
$old_sid = session_id();
- session_set_cookie_params("$time");
+
+// ??? This shouldn't have any effect if called after session_start()
+// We probably need to set the session expiration and change the PHPSESSID cookie.
+
+ session_set_cookie_params($time);
session_regenerate_id(false);
q("UPDATE session SET sid = '%s' WHERE sid = '%s'", dbesc(session_id()), dbesc($old_sid));
diff --git a/index.php b/index.php
index a07c1a633..5f0ff9834 100755
--- a/index.php
+++ b/index.php
@@ -60,7 +60,7 @@ if(! $a->install) {
if(intval($a->config['system']['ssl_cookie_protection'])) {
$arr = session_get_cookie_params();
session_set_cookie_params(
- ((isset($arr['lifetime'])) ? $arr['lifetime'] : 60*5),
+ ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
((isset($arr['path'])) ? $arr['path'] : '/'),
((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()),
((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
diff --git a/version.inc b/version.inc
index 0cb3f0576..a7de0fb96 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2014-05-11.672
+2014-05-12.673