- sessions are always started (even for visitors)

- thumbnail order saved in the session instead of cookie

git-svn-id: http://piwigo.org/svn/trunk@1623 68402e56-0260-453c-a942-63ccdbb3a9ee

3 files changed, 53 insertions, 14 deletions

diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 7fdf5dde8..ba1820028 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -81,7 +81,7 @@ if (isset($conf['session_save_handler'])
 // cookie_path will return : "/meeting/gallery"
 function cookie_path()
 {
-  if ( isset($_SERVER['REDIRECT_SCRIPT_NAME']) and 
+  if ( isset($_SERVER['REDIRECT_SCRIPT_NAME']) and
        !empty($_SERVER['REDIRECT_SCRIPT_NAME']) )
   {
     $scr = $_SERVER['REDIRECT_SCRIPT_NAME'];
@@ -221,4 +221,49 @@ DELETE
   pwg_query($query);
   return true;
 }
+
+
+/**
+ * persistently stores a variable for the current session
+ * currently we use standard php sessions but it might change
+ * @return boolean true on success
+ * @see pwg_get_session_var, pwg_unset_session_var
+ */
+function pwg_set_session_var($var, $value)
+{
+  if ( !isset($_SESSION) )
+    return false;
+  $_SESSION['pwg_'.$var] = $value;
+  return true;
+}
+
+/**
+ * retrieves the value of a persistent variable for the current session
+ * currently we use standard php sessions but it might change
+ * @return mixed
+ * @see pwg_set_session_var, pwg_unset_session_var
+ */
+function pwg_get_session_var($var, $default = null)
+{
+  if (isset( $_SESSION['pwg_'.$var] ) )
+  {
+    return $_SESSION['pwg_'.$var];
+  }
+  return $default;
+}
+
+/**
+ * deletes a persistent variable for the current session
+ * currently we use standard php sessions but it might change
+ * @return boolean true on success
+ * @see pwg_set_session_var, pwg_get_session_var
+ */
+function pwg_unset_session_var($var)
+{
+  if ( !isset($_SESSION) )
+    return false;
+  unset( $_SESSION['pwg_'.$var] );
+  return true;
+}
+
 ?>
diff --git a/include/section_init.inc.php b/include/section_init.inc.php
index 7e3f87cfe..416d98849 100644
--- a/include/section_init.inc.php
+++ b/include/section_init.inc.php
@@ -297,15 +297,13 @@ while (isset($tokens[$i]))
 // By default, it is the same as the $user['nb_image_page']
 $page['nb_image_page'] = $user['nb_image_page'];
 
-if (isset($_COOKIE['pwg_image_order'])
-    and is_numeric($_COOKIE['pwg_image_order'])
-    and $_COOKIE['pwg_image_order'] > 0)
+if (pwg_get_session_var('image_order',0) > 0)
 {
   $orders = get_category_preferred_image_orders();
 
   $conf['order_by'] = str_replace(
     'ORDER BY ',
-    'ORDER BY '.$orders[ $_COOKIE['pwg_image_order'] ][1].',',
+    'ORDER BY '.$orders[ pwg_get_session_var('image_order',0) ][1].',',
     $conf['order_by']
     );
   $page['super_order_by'] = true;
diff --git a/include/user.inc.php b/include/user.inc.php
index f5c77b2f8..103052ad2 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -43,26 +43,22 @@ if (isset($_COOKIE[session_name()]))
     setcookie($conf['remember_me_name'], '', 0, cookie_path());
     redirect(make_index_url());
   }
-  elseif (empty($_SESSION['pwg_uid']))
-  { // timeout
-    setcookie(session_name(),'',0,
-        ini_get('session.cookie_path'),
-        ini_get('session.cookie_domain')
-      );
-  }
-  else
+  elseif (!empty($_SESSION['pwg_uid']))
   {
     $user['id'] = $_SESSION['pwg_uid'];
   }
 }
 
-
 // Now check the auto-login
 if ( $user['id']==$conf['guest_id'] )
 {
   auto_login();
 }
 
+if (session_id()=="")
+{
+  session_start();
+}
 
 // using Apache authentication override the above user search
 if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))