From c3397a2c73273ba5414d976ab7f45ae5e71a8a33 Mon Sep 17 00:00:00 2001
From: nikrou <nikrou@piwigo.org>
Date: Sun, 15 Jan 2006 13:45:42 +0000
Subject: Improve security of sessions: - use only cookies to store session id
 on client side - use default php session system with database handler to
 store sessions on server side

git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 identification.php | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'identification.php')

diff --git a/identification.php b/identification.php
index c55e009ed..223e6c1e9 100644
--- a/identification.php
+++ b/identification.php
@@ -51,8 +51,9 @@ SELECT '.$conf['user_fields']['id'].' AS id,
     {
       $session_length = $conf['remember_me_length'];
     }
-    $session_id = session_create($row['id'], $session_length);
-    redirect('category.php?id='.$session_id);
+    session_start();
+    $_SESSION['id'] = $row['id'];
+    redirect('category.php');
   }
   else
   {
@@ -80,11 +81,11 @@ $template->assign_vars(
     'L_FORGET' => $lang['ident_forgotten_password'],
     'L_REMEMBER_ME'=>$lang['remember_me'],
 
-    'U_REGISTER' => add_session_id(PHPWG_ROOT_PATH.'register.php'),
-    'U_LOST_PASSWORD' => add_session_id(PHPWG_ROOT_PATH.'password.php'),
-    'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
+    'U_REGISTER' => PHPWG_ROOT_PATH.'register.php',
+    'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php',
+    'U_HOME' => PHPWG_ROOT_PATH.'category.php',
     
-    'F_LOGIN_ACTION' => add_session_id(PHPWG_ROOT_PATH.'identification.php')
+    'F_LOGIN_ACTION' => PHPWG_ROOT_PATH.'identification.php'
     ));
 
 if ($conf['authorize_remembering'])
-- 
cgit v1.2.3