diff options
author | Dries Buytaert <dries@buytaert.net> | 2010-07-07 13:52:00 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2010-07-07 13:52:00 +0000 |
commit | 5a904b80c1437b0946d5348ff2d5e313763a2ab5 (patch) | |
tree | 76a83f66ec1f3db4ecbed5fa0c3210b54a8f94f0 /includes/session.inc | |
parent | 328f1723d5a9260ae1df7d9cfa900f7360498977 (diff) | |
download | brdo-5a904b80c1437b0946d5348ff2d5e313763a2ab5.tar.gz brdo-5a904b80c1437b0946d5348ff2d5e313763a2ab5.tar.bz2 |
- Patch #846330 by JacobSingh, Gábor Hojtsy: impossible to log in with default PHP settings due to cookie lifetime.
Diffstat (limited to 'includes/session.inc')
-rw-r--r-- | includes/session.inc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/includes/session.inc b/includes/session.inc index e170e1b3f..2da11e7ce 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -309,7 +309,10 @@ function drupal_session_regenerate() { } $params = session_get_cookie_params(); $session_id = drupal_hash_base64(uniqid(mt_rand(), TRUE) . drupal_random_bytes(55)); - setcookie($insecure_session_name, $session_id, REQUEST_TIME + $params['lifetime'], $params['path'], $params['domain'], FALSE, $params['httponly']); + // If the session cookie lifetime is set, the session will expire $params['lifetime'] seconds from the current request. + // If it is not set, it will expire when the browser is closed. + $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; + setcookie($insecure_session_name, $session_id, $expire, $params['path'], $params['domain'], FALSE, $params['httponly']); $_COOKIE[$insecure_session_name] = $session_id; } @@ -320,7 +323,8 @@ function drupal_session_regenerate() { if (isset($old_session_id)) { $params = session_get_cookie_params(); - setcookie(session_name(), session_id(), REQUEST_TIME + $params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly']); + $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; + setcookie(session_name(), session_id(), $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']); $fields = array('sid' => session_id()); if ($is_https) { $fields['ssid'] = session_id(); |