(bug 6464) Check for session id collisions by checking cookie user ID against session...

author Aaron Schulz <aaron@users.mediawiki.org>

Mon, 13 Oct 2008 18:41:09 +0000 (18:41 +0000)

committer Aaron Schulz <aaron@users.mediawiki.org>

Mon, 13 Oct 2008 18:41:09 +0000 (18:41 +0000)
author Aaron Schulz <aaron@users.mediawiki.org>
Mon, 13 Oct 2008 18:41:09 +0000 (18:41 +0000)
committer Aaron Schulz <aaron@users.mediawiki.org>
Mon, 13 Oct 2008 18:41:09 +0000 (18:41 +0000)
diff --git a/includes/User.php b/includes/User.php

index 51959c5..450ec0f 100644 (file)
--- a/includes/User.php
+++ b/includes/User.php
@@ -800,31 +800,25 @@ class User {
                         return $result;
                 }
  
-               if ( isset( $_SESSION['wsUserID'] ) ) {
-                       if ( 0 != $_SESSION['wsUserID'] ) {
+               if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
+                       $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
+                       if( isset( $_SESSION['wsUserID'] ) && $sId != $_SESSION['wsUserID'] ) {
+                               $this->loadDefaults(); // Possible collision!
+                               return false;
+                       }
+                       $_SESSION['wsUserID'] = $sId;
+               } else if ( isset( $_SESSION['wsUserID'] ) ) {
+                       if ( $_SESSION['wsUserID'] != 0 ) {
                                 $sId = $_SESSION['wsUserID'];
                         } else {
                                 $this->loadDefaults();
                                 return false;
                         }
-               } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
-                       $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
-                       $_SESSION['wsUserID'] = $sId;
                 } else {
                         $this->loadDefaults();
                         return false;
                 }
-               /*
-               if ( isset( $_SESSION['wsUserName'] ) && isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
-                       // Cookie and session username should match
-                       if( $_SESSION['wsUserName'] == $_COOKIE["{$wgCookiePrefix}UserName"] ) {
-                               $sName = $_SESSION['wsUserName'];
-                       } else {
-                               $this->loadDefaults();
-                               return false;
-                       }
-               } 
-               */
+
                 if ( isset( $_SESSION['wsUserName'] ) ) {
                         $sName = $_SESSION['wsUserName'];
                 } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
author	Aaron Schulz <aaron@users.mediawiki.org>
	Mon, 13 Oct 2008 18:41:09 +0000 (18:41 +0000)
committer	Aaron Schulz <aaron@users.mediawiki.org>
	Mon, 13 Oct 2008 18:41:09 +0000 (18:41 +0000)