fixed session bugs

pandora_console/include/config_process.php

@@ -171,19 +171,21 @@ require_once ($ownDir. 'functions_config.php');
 
 date_default_timezone_set("Europe/Madrid");
 
+//////////////////////////////////////
+//// PLEASE DO NOT CHANGE ORDER //////
+//////////////////////////////////////
+require_once ($config["homedir"].'/include/load_session.php');
+
+if (empty(session_id())) session_start();
 
 config_process_config();
-
 config_prepare_session();
-require_once ($config["homedir"].'/include/load_session.php');
-if(session_id() == '') {
-	$resultado = session_start();
-}
 
 // Set a the system timezone default 
 if ((!isset($config["timezone"])) OR ($config["timezone"] == "")) {
 	$config["timezone"] = "Europe/Berlin";
 }
+////////////////////////////////////////
 
 date_default_timezone_set($config["timezone"]);
 

pandora_console/include/functions_config.php

@@ -2329,11 +2329,7 @@ function config_prepare_session() {
 	else
 		$sessionCookieExpireTime *= 60;
 
-	@ini_set('session.gc_maxlifetime', $sessionCookieExpireTime);
-	@session_set_cookie_params ($sessionCookieExpireTime);
-
 	// Reset the expiration time upon page load //session_name() is default name of session PHPSESSID
-
 	if (isset($_COOKIE[session_name()]))
 		setcookie(session_name(), $_COOKIE[session_name()], time() + $sessionCookieExpireTime, "/");
 

pandora_console/include/load_session.php

@@ -77,6 +77,6 @@ function pandora_session_gc ($max_lifetime = 300) {
 	return $retval;
 }
 
-$result_handler = @session_set_save_handler ('pandora_session_open', 'pandora_session_close', 'pandora_session_read', 'pandora_session_write', 'pandora_session_destroy', 'pandora_session_gc'); 
+$result_handler = session_set_save_handler ('pandora_session_open', 'pandora_session_close', 'pandora_session_read', 'pandora_session_write', 'pandora_session_destroy', 'pandora_session_gc'); 
 
 ?>

pandora_console/index.php

@@ -105,10 +105,9 @@ if ((! file_exists ("include/config.php")) || (! is_readable ("include/config.ph
 	exit;
 }
 
-// Real start
-if(session_id() == '') {
-	session_start ();
-}
+//////////////////////////////////////
+//// PLEASE DO NOT CHANGE ORDER //////
+//////////////////////////////////////
 require_once ("include/config.php");
 require_once ("include/functions_config.php");
 
@@ -126,6 +125,7 @@ if ($config['metaconsole'] == 1 && $config['enterprise_installed'] == 1) {
 if (file_exists (ENTERPRISE_DIR . "/include/functions_login.php")) {
 	include_once (ENTERPRISE_DIR . "/include/functions_login.php");
 }
+////////////////////////////////////////
 
 if (!empty ($config["https"]) && empty ($_SERVER['HTTPS'])) {
 	$query = '';
@@ -564,6 +564,7 @@ if (! isset ($config['id_user'])) {
 		if($home_page == 'Visual console') unset($query_params_redirect["sec2"]);
 		$redirect_url = '?1=1';
 		foreach ($query_params_redirect as $key => $value) {
+			if ($key == "login") continue;
 			$redirect_url .= '&'.safe_url_extraclean($key).'='.safe_url_extraclean($value);
 		}
 		header("Location: ".$config['homeurl']."index.php".$redirect_url);
@@ -810,8 +811,11 @@ if (isset ($_GET["bye"])) {
 	$iduser = $_SESSION["id_usuario"];
 	db_logoff ($iduser, $_SERVER['REMOTE_ADDR']);
 	// Unregister Session (compatible with 5.2 and 6.x, old code was deprecated
-	unset($_SESSION['id_usuario']);
-	unset($iduser);
+	$_SESSION = array();
+	session_destroy();
+	header_remove("Set-Cookie");
+	setcookie(session_name(), $_COOKIE[session_name()], time() - 4800, "/");
+
 	if ($config['auth'] == 'saml') {
 		require_once($config['saml_path'] . 'simplesamlphp/lib/_autoload.php');
 		$as = new SimpleSAML_Auth_Simple('PandoraFMS');