[Phpwebsite-developers] phpWebSite Sessions

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I had found a bug earlier where sessions where kept if you went from one
site to another on the same domain.  In this section of code here, which
can be found in the core index.php file,  the session is not set unless
one does not exist already.

if (!$_SESSION[$object_name] && class_exists($class_name)) {
    if (is_array($mod_include["mod_sessions"]) && in_array($object_name,
$mod_include["mod_sessions"]))
        $GLOBALS[$object_name] = $_SESSION[$object_name] = new $class_name;
    else
        $GLOBALS[$object_name] = $$object_name = new $class_name;
} else
    $GLOBALS[$object_name] = $_SESSION[$object_name];

I think we need to also check the hash here to see if it is correct.  If
not then reload the session.  What do you guys think?

-- 
Steven Levin
Electronic Student Services
Appalachian State University
Phone: 828.262.2431
PhpWebsite Development Team
URL: http://phpwebsite.appstate.edu
Email: st...@NO...