From 83e6dcb1ce086c2d01060ce37c2a921c80632cb0 Mon Sep 17 00:00:00 2001
From: Nils Adermann <naderman@naderman.de>
Date: Thu, 10 Aug 2006 13:33:06 +0000
Subject: - removed a useless line [Bug #3656] - do not reuse session ids [Bug
 #3626] - Bug #3684 - added refresh imageset option

git-svn-id: file:///svn/phpbb/trunk@6257 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/session.php | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

(limited to 'phpBB/includes/session.php')

diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 38107d80db..3b1e43e052 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -463,8 +463,10 @@ class session
 
 		$db->sql_return_on_error(true);
 
-		$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
-			WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
+		$sql = 'DELETE
+			FROM ' . SESSIONS_TABLE . '
+			WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\'
+				AND session_user_id = ' . ANONYMOUS;
 
 		if (!$this->session_id || !$db->sql_query($sql) || !$db->sql_affectedrows())
 		{
@@ -483,15 +485,16 @@ class session
 					trigger_error('BOARD_UNAVAILABLE');
 				}
 			}
+		}
 
-			$this->session_id = $this->data['session_id'] = md5(unique_id());
+		$this->session_id = $this->data['session_id'] = md5(unique_id());
 
-			$sql_ary['session_id'] = (string) $this->session_id;
-			$sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199);
+		$sql_ary['session_id'] = (string) $this->session_id;
+		$sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199);
+
+		$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
+		$db->sql_query($sql);
 
-			$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
-			$db->sql_query($sql);
-		}
 		$db->sql_return_on_error(false);
 
 		// Regenerate autologin/persistent login key
-- 
cgit v1.2.1