From d0eef2a3b0569db718f43fd56ca11f85a93d64e9 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@fakecake.org>
Date: Wed, 3 Apr 2013 19:23:43 +0400
Subject: [PATCH] only destroy unlogged sessions

---
 include/functions.php | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/include/functions.php b/include/functions.php
index 05f184eaf..f4f6ed209 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -744,7 +744,9 @@
 			cache_prefs($link);
 			load_user_plugins($link, $_SESSION["uid"]);
 		} else {
-			if (!$_SESSION["uid"] || !validate_session($link)) {
+			if (!validate_session($link)) $_SESSION["uid"] = false;
+
+			if (!$_SESSION["uid"]) {
 
 				if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) {
 				    $_SESSION["ref_schema_version"] = get_schema_version($link, true);
@@ -752,12 +754,12 @@
 					 authenticate_user($link, null, null, true);
 				}
 
-				if (!$_SESSION["uid"]) render_login_form($link);
-
-				@session_destroy();
-				setcookie(session_name(), '', time()-42000, '/');
-
-				exit;
+				if (!$_SESSION["uid"]) {
+					render_login_form($link);
+					@session_destroy();
+					setcookie(session_name(), '', time()-42000, '/');
+					exit;
+				}
 
 			} else {
 				/* bump login timestamp */
-- 
GitLab