From cc29e27acc04511b943c5dcab85b1ce215ac2e49 Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Sat, 12 Mar 2016 19:53:07 -0800
Subject: issue #320 - regression, after removing channel attached to an authenticated session the session was not completely cleared.
---
 include/Contact.php | 5 ++---
 include/auth.php | 27 ---------------------------
 include/session.php | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 34 insertions(+), 30 deletions(-)
(limited to 'include')
diff --git a/include/Contact.php b/include/Contact.php
index 611371db6..1c61470e1 100644
--- a/include/Contact.php
+++ b/include/Contact.php
@@ -263,7 +263,7 @@ function rrmdir($path)
 return false;
 }
-function channel_remove($channel_id, $local = true, $unset_session=true) {
+function channel_remove($channel_id, $local = true, $unset_session=false) {
 if(! $channel_id)
 return;
@@ -389,8 +389,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) {
 proc_run('php','include/directory.php',$channel_id);
 if($channel_id == local_channel() && $unset_session) {
- unset($_SESSION['authenticated']);
- unset($_SESSION['uid']);
+ nuke_session();
 goaway($a->get_baseurl());
 }
diff --git a/include/auth.php b/include/auth.php
index 4f0c4c928..1a7110c20 100644
--- a/include/auth.php
+++ b/include/auth.php
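Review bot: Changing the default of `$unset_session` from `true` to `false` in the `channel_remove()` signature means any caller that omits the third argument no longer reaches the reset guarded by `$channel_id == local_channel() && $unset_session` in the second hunk. A user who removes their own channel through such a caller would keep an authenticated session that still refers to the deleted channel. The call sites are not part of this patch, so this needs confirming: every interactive self-removal path should pass `true` explicitly. A docblock on the function would make the contract visible, for example `@param bool $unset_session reset the session and redirect when the removed channel is the logged-in one`. The body of channel_remove() continues outside this hunk.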
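Review bot: The new `nuke_session();` call depends on a function that this commit moves from include/auth.php to include/session.php, and nothing visible in the patch shows include/Contact.php loading that file. If the bootstrap loads include/session.php on every request this is fine; if channel_remove() can run where only auth.php was previously pulled in, the call would fail with an undefined function before `goaway()` runs. Adding `require_once('include/session.php');` at the top of Contact.php, or confirming the load order, removes the doubt. A one-line comment on the call such as `// full reset: unsetting only 'authenticated' and 'uid' left the rest of the login state behind (issue #320)` would also keep a later edit from narrowing it again. channel_remove() starts and ends outside this hunk.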
@@ -12,33 +12,6 @@ require_once('include/api_auth.php');
 require_once('include/security.php');
-/**
- * @brief Resets the current session.
- *
- * @return void
- */
-function nuke_session() {
- new_cookie(0); // 0 means delete on browser exit
-
- unset($_SESSION['authenticated']);
- unset($_SESSION['account_id']);
- unset($_SESSION['uid']);
- unset($_SESSION['visitor_id']);
- unset($_SESSION['administrator']);
- unset($_SESSION['cid']);
- unset($_SESSION['theme']);
- unset($_SESSION['mobile_theme']);
- unset($_SESSION['show_mobile']);
- unset($_SESSION['page_flags']);
- unset($_SESSION['delegate']);
- unset($_SESSION['delegate_channel']);
- unset($_SESSION['my_url']);
- unset($_SESSION['my_address']);
- unset($_SESSION['addr']);
- unset($_SESSION['return_url']);
- unset($_SESSION['remote_service_class']);
- unset($_SESSION['remote_hub']);
-}
 /**
 * @brief Verify login credentials.
diff --git a/include/session.php b/include/session.php
index 43bba528b..6060e4712 100644
--- a/include/session.php
+++ b/include/session.php
@@ -12,6 +12,38 @@ $session_exists = 0;
 $session_expire = 180000;
+
+/**
+ * @brief Resets the current session.
+ *
+ * @return void
+ */
+
+function nuke_session() {
+ new_cookie(0); // 0 means delete on browser exit
+
+ unset($_SESSION['authenticated']);
+ unset($_SESSION['account_id']);
+ unset($_SESSION['uid']);
+ unset($_SESSION['visitor_id']);
+ unset($_SESSION['administrator']);
+ unset($_SESSION['cid']);
+ unset($_SESSION['theme']);
+ unset($_SESSION['mobile_theme']);
+ unset($_SESSION['show_mobile']);
+ unset($_SESSION['page_flags']);
+ unset($_SESSION['delegate']);
+ unset($_SESSION['delegate_channel']);
+ unset($_SESSION['my_url']);
+ unset($_SESSION['my_address']);
+ unset($_SESSION['addr']);
+ unset($_SESSION['return_url']);
+ unset($_SESSION['remote_service_class']);
+ unset($_SESSION['remote_hub']);
+}
+
+
+
 function new_cookie($time) {
 $old_sid = session_id();
-- cgit v1.2.3
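Review bot: `nuke_session()` in the include/session.php hunk clears the session by unsetting a fixed list of keys, so any identity or privilege key added later and not appended here survives the reset, which is the same class of regression this commit fixes. If nothing is meant to outlive a reset, `$_SESSION = array();` after `new_cookie(0);` would be exhaustive by construction; if some keys must persist, the docblock should say which and why. At minimum, extend the docblock with a sentence such as `Every session key that carries login, delegation or remote-identity state must be listed here.` The blank line between the docblock and `function nuke_session() {` is also worth dropping so documentation tools attach the comment to the function.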