[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled
This commit is contained in:
Daniel Hensby
Damian Mooyman
parent
8bbf1caae6
commit
d1163d87b7
|
|
@ -502,7 +502,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
|
|||
|
||||
$this->addVisit();
|
||||
|
||||
if($remember) {
|
||||
// Only set the cookie if autologin is enabled
|
||||
if($remember && Security::config()->autologin_enabled) {
|
||||
// Store the hash and give the client the cookie with the token.
|
||||
$generator = new RandomGenerator();
|
||||
$token = $generator->randomToken('sha1');
|
||||
|
|
@ -585,7 +586,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
|
|||
// Don't bother trying this multiple times
|
||||
self::$_already_tried_to_auto_log_in = true;
|
||||
|
||||
if(strpos(Cookie::get('alc_enc'), ':') === false
|
||||
if(!Security::config()->autologin_enabled
|
||||
|| strpos(Cookie::get('alc_enc'), ':') === false
|
||||
|| Session::get("loggedInAs")
|
||||
|| !Security::database_is_ready()
|
||||
) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue