Start session only if user is already logged in.

2 files changed, 9 insertions, 8 deletions

diff --git a/static/php/classes/Login.class.php b/static/php/classes/Login.class.php
index e1ddddf..d6e5752 100644
--- a/static/php/classes/Login.class.php
+++ b/static/php/classes/Login.class.php
@@ -25,11 +25,11 @@
 class Login
 {
     /**
-     * Number of seconds in one non-leap year.
+     * Is session started and user logged in?
      *
-     * @var int ONE_YEAR
+     * @var bool Is user logged in?
      */
-    const ONE_YEAR = 31536000;
+    public $loggedIn = false;
 
     /**
      * Starts a server session and sets correctly the cookie parameters.
@@ -41,10 +41,11 @@ class Login
                 'No session support or session already started',
                 500
             );
-        } else {
-            session_name('ssw_login');
-            session_set_cookie_params(self::ONE_YEAR, '/', '.wandystan.eu', TRUE, TRUE);
+        } elseif (isset($_COOKIE[session_name()])) {
             session_start();
+
+            if ($_SESSION['login_id'] > 0)
+                $this->loggedIn = true;
         }
     }
 
@@ -55,6 +56,6 @@ class Login
      */
     public function isLoggedIn()
     {
-        return !empty($_SESSION['login_id']);
+        return $this->loggedIn;
     }
 }
diff --git a/templates/upload_logged.swig b/templates/upload_logged.swig
index 3526e3e..3dda51e 100644
--- a/templates/upload_logged.swig
+++ b/templates/upload_logged.swig
@@ -1,7 +1,7 @@
 {% extends "layout.swig" %}
 
 {% block menu %}
-<li>❌ <a href="//wandystan.eu/w/login">wyloguj</a></li>
+<li>❌ <a href="//wandystan.eu/w/logout">wyloguj</a></li>
 {% endblock %}
 
 {% block body %}