Re: [SM-DEVEL] Maintenance of login sessions

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

>> I have a clue about this. I think a plugin or some kind of function
>> tries to access a file or folder incorrectly. This is caught by the
>> index.php which redirects the user to login.php.
>>     
>
> We've actually seen this before.  It was triggered by incoming emails,
> that had bad URLs for images.  We'd build a <img src="" /> url, which
> would trigger index.php to load, and...
>
>   
>> login.php kills the session!
>>     
>
> This was however fixed a few years ago.
>
>   
>> So the next action the user does is greeted with 'you must be logged in'.
>>     
>
>   
Is there any way for login.php to know when this happens? If a full 
fledged session is underway, perhaps it can intelligently load a 'Are 
you sure you wish to sign out?' page which, when confirmed, THEN kills 
the session and loads the standard login form? Then any inadvertent 
loading of login.php will not trigger session death.