-rw-r--r-- | inc/auth.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/inc/auth.php b/inc/auth.php
index 85c8cfd7b..53376be34 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -189,7 +189,9 @@ function auth_login($user,$pass,$sticky=false,$silent=false){
 if ($auth->checkPass($user,$pass)){
 // make logininfo globally available
 $_SERVER['REMOTE_USER'] = $user;
- auth_setCookie($user,PMA_blowfish_encrypt($pass,auth_cookiesalt()),$sticky);
+ $secret = auth_cookiesalt();
+ if(!$sticky) $secret .= session_id; //bind non-sticky to session
+ auth_setCookie($user,PMA_blowfish_encrypt($pass,$secret),$sticky);
 return true;
 }else{
 //invalid credentials - log off
@@ -218,7 +220,9 @@ function auth_login($user,$pass,$sticky=false,$silent=false){
 return true;
 }
 // no we don't trust it yet - recheck pass but silent
- $pass = PMA_blowfish_decrypt($pass,auth_cookiesalt());
+ $secret = auth_cookiesalt();
+ if(!$sticky) $secret .= session_id(); //bind non-sticky to session
+ $pass = PMA_blowfish_decrypt($pass,$secret);
 return auth_login($user,$pass,$sticky,true);
 }
 }
|
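Review bot: The first hunk appends `session_id` without parentheses, so PHP reads it as an undefined constant instead of calling the function; older PHP versions fall back to the literal string 'session_id' with a notice, and PHP 8 throws an Error. The encrypt side therefore never mixes in the real session id while the decrypt side in the second hunk does, so a non-sticky cookie cannot be decrypted back to the password and the key is not bound to the session as the comment claims. The line should read `if(!$sticky) $secret .= session_id(); //bind non-sticky to session`. auth_login's body continues outside the hunk.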
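Review bot: The session binding in the second hunk depends on a session already being active, because `session_id()` returns an empty string otherwise and the non-sticky secret then silently degrades to the bare cookie salt. Whether the session is always started before this code runs is not visible in the hunk, so it is worth confirming and stating next to the derivation, for example `// requires an active session: session_id() is '' otherwise and the binding is lost`. The same comment belongs on the matching line in the first hunk, since both sides must derive the identical secret. The enclosing function starts and ends outside the hunk.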