mirror of
https://github.com/phpbb/phpbb.git
synced 2025-08-11 11:13:59 +02:00
[ticket/16207] Stop forcing session id in URLs
PHPBB3-16207
This commit is contained in:
@@ -272,8 +272,8 @@ class session
|
||||
$this->cookie_data['k'] = $request->variable($config['cookie_name'] . '_k', '', false, \phpbb\request\request_interface::COOKIE);
|
||||
$this->session_id = $request->variable($config['cookie_name'] . '_sid', '', false, \phpbb\request\request_interface::COOKIE);
|
||||
|
||||
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
|
||||
$_SID = (defined('NEED_SID')) ? $this->session_id : '';
|
||||
$SID = '?sid=';
|
||||
$_SID = '';
|
||||
|
||||
if (empty($this->session_id))
|
||||
{
|
||||
@@ -343,14 +343,6 @@ class session
|
||||
}
|
||||
}
|
||||
|
||||
// if no session id is set, redirect to index.php
|
||||
$session_id = $request->variable('sid', '');
|
||||
if (defined('NEED_SID') && (empty($session_id) || $this->session_id !== $session_id))
|
||||
{
|
||||
send_status_line(401, 'Unauthorized');
|
||||
redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
|
||||
}
|
||||
|
||||
// if session id is set
|
||||
if (!empty($this->session_id))
|
||||
{
|
||||
|
Reference in New Issue
Block a user