1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-11 11:13:59 +02:00

[ticket/16207] Stop forcing session id in URLs

PHPBB3-16207
This commit is contained in:
Marc Alexander
2021-07-17 21:27:12 +02:00
parent a207454692
commit 5b68527eec
7 changed files with 8 additions and 18 deletions

View File

@@ -272,8 +272,8 @@ class session
$this->cookie_data['k'] = $request->variable($config['cookie_name'] . '_k', '', false, \phpbb\request\request_interface::COOKIE);
$this->session_id = $request->variable($config['cookie_name'] . '_sid', '', false, \phpbb\request\request_interface::COOKIE);
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
$_SID = (defined('NEED_SID')) ? $this->session_id : '';
$SID = '?sid=';
$_SID = '';
if (empty($this->session_id))
{
@@ -343,14 +343,6 @@ class session
}
}
// if no session id is set, redirect to index.php
$session_id = $request->variable('sid', '');
if (defined('NEED_SID') && (empty($session_id) || $this->session_id !== $session_id))
{
send_status_line(401, 'Unauthorized');
redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
}
// if session id is set
if (!empty($this->session_id))
{