Remove old session ID from URL

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1268 7c3ca157-0c34-0410-bff1-cbf682f78f5c

diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index a5c7d7b6c5c699196fb3f7d3ace42ee210315d80..9f3d854c25898a1bc514c4fe79b3f9b08e67f88b 100644 (file)
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -4,9 +4,10 @@ if (isset($_POST["server"])) {
        $_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
        $_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
        if (count($_POST) == 3) { // 3 - count($ignore)
-               $location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri() : preg_replace('~^([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : ''));
-               if (!isset($_COOKIE[session_name()])) {
-                       $location .= (strpos($location, "?") === false ? "?" : "&") . SID;
+               $location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri(session_name()) : preg_replace('~^([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : ''));
+               if (SID) {
+                       $pos = strpos($location, '?');
+                       $location = ($pos ? substr_replace($location, SID . "&", $pos + 1, 0) : "$location?" . SID);
                }
                redirect($location);
        }