From e940aea40842bfcf6db8c09bba3135cb9cb5eef9 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 19 Mar 2011 19:21:52 +0100
Subject: bind non-sticky logins to the session id FS#2202

---
 inc/auth.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/inc/auth.php b/inc/auth.php
index 85c8cfd7b..53376be34 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -189,7 +189,9 @@ function auth_login($user,$pass,$sticky=false,$silent=false){
         if ($auth->checkPass($user,$pass)){
             // make logininfo globally available
             $_SERVER['REMOTE_USER'] = $user;
-            auth_setCookie($user,PMA_blowfish_encrypt($pass,auth_cookiesalt()),$sticky);
+            $secret = auth_cookiesalt();
+            if(!$sticky) $secret .= session_id; //bind non-sticky to session
+            auth_setCookie($user,PMA_blowfish_encrypt($pass,$secret),$sticky);
             return true;
         }else{
             //invalid credentials - log off
@@ -218,7 +220,9 @@ function auth_login($user,$pass,$sticky=false,$silent=false){
                 return true;
             }
             // no we don't trust it yet - recheck pass but silent
-            $pass = PMA_blowfish_decrypt($pass,auth_cookiesalt());
+            $secret = auth_cookiesalt();
+            if(!$sticky) $secret .= session_id(); //bind non-sticky to session
+            $pass = PMA_blowfish_decrypt($pass,$secret);
             return auth_login($user,$pass,$sticky,true);
         }
     }
-- 
cgit v1.2.3