summaryrefslogtreecommitdiffstats
path: root/lib/class/vauth.class.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/class/vauth.class.php')
-rw-r--r--lib/class/vauth.class.php27
1 files changed, 19 insertions, 8 deletions
diff --git a/lib/class/vauth.class.php b/lib/class/vauth.class.php
index 2eb6c8fe..bafceab0 100644
--- a/lib/class/vauth.class.php
+++ b/lib/class/vauth.class.php
@@ -243,13 +243,21 @@ class vauth {
public static function session_create($data) {
// Regenerate the session ID to prevent fixation
- session_regenerate_id();
-
- // Create our cookie!
- self::create_cookie();
-
- // Before refresh we don't have the cookie so we have to use session ID
- $key = session_id();
+ switch ($data['type']) {
+ case 'xml-rpc':
+ case 'api':
+ $key = md5(uniqid(rand(), true));
+ break;
+ case 'mysql':
+ default:
+ // Create our cookie!
+ self::create_cookie();
+
+ // Before refresh we don't have the cookie so we have to use session ID
+ $key = session_id();
+ session_regenerate_id();
+ break;
+ }
$username = Dba::escape($data['username']);
$ip = Dba::escape(ip2int($_SERVER['REMOTE_ADDR']));
@@ -268,9 +276,12 @@ class vauth {
if (!$db_results) {
debug_event('SESSION',"Session Creation Failed with Query: $sql and " . Dba::error(),'1');
+ return false;
}
- return $db_results;
+ debug_event('SESSION','Session Created:' . $key,'1');
+
+ return $key;
} // session_create
generated by cgit (git 2.34.1) at 2025-08-13 23:30:39 +0000