- Patch #846330 by JacobSingh, Gábor Hojtsy: impossible to log in with default...

- Patch #846330 by JacobSingh, Gábor Hojtsy: impossible to log in with default PHP settings due to cookie lifetime.

- Patch #846330 by JacobSingh, Gábor Hojtsy: impossible to log in with default...
5a904b80 · Dries Buytaert · 328f1723 · 5a904b80
Commit 5a904b80 authored 14 years ago by Dries Buytaert
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -309,7 +309,10 @@ function drupal_session_regenerate() {
    }
    $params = session_get_cookie_params();
    $session_id = drupal_hash_base64(uniqid(mt_rand(), TRUE) . drupal_random_bytes(55));
-    setcookie($insecure_session_name, $session_id, REQUEST_TIME + $params['lifetime'], $params['path'], $params['domain'], FALSE, $params['httponly']);
+    // If the session cookie lifetime is set, the session will expire $params['lifetime'] seconds from the current request.
+    // If it is not set, it will expire when the browser is closed.
+    $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
+    setcookie($insecure_session_name, $session_id, $expire, $params['path'], $params['domain'], FALSE, $params['httponly']);
    $_COOKIE[$insecure_session_name] = $session_id;
  }

@@ -320,7 +323,8 @@ function drupal_session_regenerate() {

  if (isset($old_session_id)) {
    $params = session_get_cookie_params();
-    setcookie(session_name(), session_id(), REQUEST_TIME + $params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly']);
+    $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
+    setcookie(session_name(), session_id(), $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
    $fields = array('sid' => session_id());
    if ($is_https) {
      $fields['ssid'] = session_id();