From 9ce7a5546c6d9cca8aa8be524d43c735e2bd7182 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Thu, 4 Apr 2013 15:33:14 +0400
Subject: implement some tweaks to session handling; properly remove session
 cookie if invalid/login failed

---
 include/sessions.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'include/sessions.php')

diff --git a/include/sessions.php b/include/sessions.php
index 0edda4ec7..402e8b8de 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -15,10 +15,11 @@
 		ini_set("session.cookie_secure", true);
 	}
 
-	ini_set("session.gc_probability", 50);
+	ini_set("session.gc_probability", 75);
 	ini_set("session.name", $session_name);
 	ini_set("session.use_only_cookies", true);
 	ini_set("session.gc_maxlifetime", $session_expire);
+	ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));
 
 	global $session_connection;
 
@@ -181,8 +182,8 @@
 			"ttrss_destroy", "ttrss_gc");
 	}
 
-	if (!defined('TTRSS_SESSION_NAME') || TTRSS_SESSION_NAME != 'ttrss_api_sid') {
-		if (isset($_COOKIE[$session_name])) {
+	if (!defined('NO_SESSION_AUTOSTART')) {
+		if (isset($_COOKIE[session_name()])) {
 			@session_start();
 		}
 	}
-- 
cgit v1.2.3-54-g00ecf