From 03724e14a3cc34e56a6a939891b9c6dbfe12e709 Mon Sep 17 00:00:00 2001
From: Aaron Schulz
Date: Mon, 13 Oct 2008 18:41:09 +0000
Subject: [PATCH] (bug 6464) Check for session id collisions by checking cookie user ID against session user ID
---
 includes/User.php | 26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)
diff --git a/includes/User.php b/includes/User.php
index 51959c5882..450ec0fd25 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -800,31 +800,25 @@ class User {
 return $result;
 }
- if ( isset( $_SESSION['wsUserID'] ) ) {
- if ( 0 != $_SESSION['wsUserID'] ) {
+ if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
+ $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
+ if( isset( $_SESSION['wsUserID'] ) && $sId != $_SESSION['wsUserID'] ) {
+ $this->loadDefaults(); // Possible collision!
+ return false;
+ }
+ $_SESSION['wsUserID'] = $sId;
+ } else if ( isset( $_SESSION['wsUserID'] ) ) {
+ if ( $_SESSION['wsUserID'] != 0 ) {
 $sId = $_SESSION['wsUserID'];
 } else {
 $this->loadDefaults();
 return false;
 }
- } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
- $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
- $_SESSION['wsUserID'] = $sId;
 } else {
 $this->loadDefaults();
 return false;
 }
- /*
- if ( isset( $_SESSION['wsUserName'] ) && isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
- // Cookie and session username should match
- if( $_SESSION['wsUserName'] == $_COOKIE["{$wgCookiePrefix}UserName"] ) {
- $sName = $_SESSION['wsUserName'];
- } else {
- $this->loadDefaults();
- return false;
- }
- }
- */
+
 if ( isset( $_SESSION['wsUserName'] ) ) {
 $sName = $_SESSION['wsUserName'];
 } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
-- 
2.20.1
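Review bot: The new cookie branch drops the zero check that the session branch keeps: after `$sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );` a `UserID=0` or non-numeric cookie yields `$sId = 0`, which is then written into `$_SESSION['wsUserID']` and allowed to continue, whereas the `else if` branch right below treats a session value of 0 as "no user" and bails with `loadDefaults()`. Add the same guard after the `intval` call: `if ( $sId == 0 ) { $this->loadDefaults(); return false; }` so both sources agree on what an anonymous id means. Note also that the cookie is client-controlled, so a request with no `wsUserID` in the session now lets the client choose the id stored there; that is only safe if the token comparison that presumably follows is still performed against that id, which this hunk does not show. The enclosing method starts before and continues past the hunk, so the later token check cannot be confirmed from here.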