aboutsummaryrefslogtreecommitdiffstats
path: root/identification.php
diff options
context:
space:
mode:
authornikrou <nikrou@piwigo.org>2006-01-15 13:45:42 +0000
committernikrou <nikrou@piwigo.org>2006-01-15 13:45:42 +0000
commitc3397a2c73273ba5414d976ab7f45ae5e71a8a33 (patch)
treee59456bdf40caf57ca5d3586190c3b3f6e8eb463 /identification.php
parentb223bb495dbfa1611766cdc528c9eb1af56c43e3 (diff)
Improve security of sessions:
- use only cookies to store session id on client side - use default php session system with database handler to store sessions on server side git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--identification.php13
1 files changed, 7 insertions, 6 deletions
diff --git a/identification.php b/identification.php
index c55e009ed..223e6c1e9 100644
--- a/identification.php
+++ b/identification.php
@@ -51,8 +51,9 @@ SELECT '.$conf['user_fields']['id'].' AS id,
{
$session_length = $conf['remember_me_length'];
}
- $session_id = session_create($row['id'], $session_length);
- redirect('category.php?id='.$session_id);
+ session_start();
+ $_SESSION['id'] = $row['id'];
+ redirect('category.php');
}
else
{
@@ -80,11 +81,11 @@ $template->assign_vars(
'L_FORGET' => $lang['ident_forgotten_password'],
'L_REMEMBER_ME'=>$lang['remember_me'],
- 'U_REGISTER' => add_session_id(PHPWG_ROOT_PATH.'register.php'),
- 'U_LOST_PASSWORD' => add_session_id(PHPWG_ROOT_PATH.'password.php'),
- 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
+ 'U_REGISTER' => PHPWG_ROOT_PATH.'register.php',
+ 'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php',
+ 'U_HOME' => PHPWG_ROOT_PATH.'category.php',
- 'F_LOGIN_ACTION' => add_session_id(PHPWG_ROOT_PATH.'identification.php')
+ 'F_LOGIN_ACTION' => PHPWG_ROOT_PATH.'identification.php'
));
if ($conf['authorize_remembering'])