summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMax Kremmel <xing@synapse.plus.com>2007-11-01 11:05:32 +0000
committerMax Kremmel <xing@synapse.plus.com>2007-11-01 11:05:32 +0000
commit6005157843cfd7b6374e5dd8526d7cdf4d2bd3b0 (patch)
tree7aeefee08c0cda6f657e33bbfe28fda8852e970d
parentfa4e76f105ea9c94df8247e1d77fe7be79ec0e73 (diff)
downloadusers-6005157843cfd7b6374e5dd8526d7cdf4d2bd3b0.tar.gz
users-6005157843cfd7b6374e5dd8526d7cdf4d2bd3b0.tar.bz2
users-6005157843cfd7b6374e5dd8526d7cdf4d2bd3b0.zip
make sure we updateSession with new session_id and don't use old session_id stored in the cookie - even when using authentication methods other than bitweaver authentication.
-rw-r--r--BitUser.php11
1 files changed, 6 insertions, 5 deletions
diff --git a/BitUser.php b/BitUser.php
index f4d41e9..9d17c40 100644
--- a/BitUser.php
+++ b/BitUser.php
@@ -1,6 +1,6 @@
<?php
/**
- * $Header: /cvsroot/bitweaver/_bit_users/BitUser.php,v 1.158 2007/10/26 13:26:50 nickpalmer Exp $
+ * $Header: /cvsroot/bitweaver/_bit_users/BitUser.php,v 1.159 2007/11/01 11:05:32 squareing Exp $
*
* Lib for user administration, groups and permissions
* This lib uses pear so the constructor requieres
@@ -12,7 +12,7 @@
* All Rights Reserved. See copyright.txt for details and a complete list of authors.
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details
*
- * $Id: BitUser.php,v 1.158 2007/10/26 13:26:50 nickpalmer Exp $
+ * $Id: BitUser.php,v 1.159 2007/11/01 11:05:32 squareing Exp $
* @package users
*/
@@ -40,7 +40,7 @@ define("ACCOUNT_DISABLED", -6);
* Class that holds all information for a given user
*
* @author spider <spider@steelsun.com>
- * @version $Revision: 1.158 $
+ * @version $Revision: 1.159 $
* @package users
* @subpackage BitUser
*/
@@ -759,8 +759,9 @@ class BitUser extends LibertyAttachable {
$cookie_path = $gBitSystem->getConfig('cookie_path', $cookie_path);
$cookie_domain = $gBitSystem->getConfig('cookie_domain', $cookie_domain);
}
- setcookie( $user_cookie_site, session_id(), $cookie_time, $cookie_path, $cookie_domain );
- $this->updateSession( $_COOKIE[$user_cookie_site] );
+ $session_id = session_id();
+ setcookie( $user_cookie_site, $session_id, $cookie_time, $cookie_path, $cookie_domain );
+ $this->updateSession( $session_id );
}
} else {
$this->mUserId = ANONYMOUS_USER_ID;