From 692cc1e9536c8440586cbca0957dbf7d41b65f4c Mon Sep 17 00:00:00 2001
From: Loui Chang
Date: Mon, 17 Nov 2008 11:45:12 -0500
Subject: Make remembered sessions actually save themselves. Also clean up a notice in index.php

Signed-off-by: Loui Chang
---
 web/lib/aur.inc | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

(limited to 'web/lib/aur.inc')

diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index d08ff0c..e43ddf6 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -86,10 +86,12 @@ function check_sid() {
 $failed = 1;
 } else {
 $row = mysql_fetch_row($result);
- if ($row[0] + $LOGIN_TIMEOUT <= $row[1]) {
+ $last_update = $row[0];
+ if ($last_update + $LOGIN_TIMEOUT <= $row[1]) {
 $failed = 2;
 }
 }
+
 if ($failed == 1) {
 # clear out the hacker's cookie, and send them to a naughty page
 # why do you have to be so harsh on these people!?
@@ -110,10 +112,17 @@ function check_sid() {
 } else {
 # still logged in and haven't reached the timeout, go ahead
 # and update the idle timestamp
+
+ # Only update the timestamp if it is less than the
+ # current time plus $LOGIN_TIMEOUT.
 #
- $q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() ";
- $q.= "WHERE SessionID = '".mysql_real_escape_string($_COOKIE["AURSID"])."'";
- db_query($q, $dbh);
+ # This keeps 'remembered' sessions from being
+ # overwritten.
+ if ($last_update < time() + $LOGIN_TIMEOUT) {
+ $q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() ";
+ $q.= "WHERE SessionID = '".mysql_real_escape_string($_COOKIE["AURSID"])."'";
+ db_query($q, $dbh);
+ }
 }
 }
 return;
--
cgit v1.2.3-54-g00ecf
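Review bot: The expiry test `if ($last_update + $LOGIN_TIMEOUT <= $row[1])` now has a second, undocumented job. With the guard added in the second hunk, a 'remembered' session presumably carries a `LastUpdateTS` in the future, so this same comparison is the only thing that ends such a session on the server side, regardless of activity. The login code and the SELECT are outside the hunk, so confirm that reading. A comment above the assignment would make the convention visible, e.g. `# LastUpdateTS may lie in the future for 'remembered' sessions; they expire once it is $LOGIN_TIMEOUT behind $row[1]`. It should also state what `$row[1]` holds, since that index is still unnamed.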
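Review bot: The new guard `if ($last_update < time() + $LOGIN_TIMEOUT)` measures a database timestamp against the web server's clock, while the expiry test in the first hunk measures it against `$row[1]`. That value looks like the database's own current time, but the query is outside the hunk, so confirm. If the two hosts drift apart, the decision to refresh or preserve `LastUpdateTS` near the boundary no longer agrees with the expiry check. Reusing the value already fetched keeps both on one clock: `if ($last_update < $row[1] + $LOGIN_TIMEOUT) {`. The body of `check_sid()` starts and ends outside the hunk.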