1. Created a new global variable $_session_path to present the ATutor installation...

2. Removed junk code on $_SESSION['session_test'];
3. Unset a few more session vars at logout.

diff --git a/docs/include/lib/constants.inc.php b/docs/include/lib/constants.inc.php
index 41ee8c1..ed7bd61 100644 (file)
--- a/docs/include/lib/constants.inc.php
+++ b/docs/include/lib/constants.inc.php
@@ -194,8 +194,15 @@ if (($temp = strpos($_base_href, AT_PRETTY_URL_HANDLER)) > 0){
        $endpos = strlen($_base_href); 
 
 }
-$_base_href     = substr($_base_href, 0, $endpos);
-$_base_path  = substr($_base_href, strlen($server_protocol . $_SERVER['HTTP_HOST']));
+$_base_href    = substr($_base_href, 0, $endpos);
+$_base_path = $_session_path = substr($_base_href, strlen($server_protocol . $_SERVER['HTTP_HOST']));
+
+// $_session_path is used to attach the session ID on @ see include/vitals.inc.php - session_set_cookie_params()
+// $_session_path is ATutor installation path, which is not captured by $_base_path in the case that the sent-in
+// URL ends with '/'.
+if (substr($_SERVER['PHP_SELF'], -1) == '/') {
+       $_session_path = substr($_base_path, 0, strrpos(substr($_base_path, 0, -1), '/') + 1);
+}
 
 define('AT_BASE_HREF', $_base_href);
 

diff --git a/docs/include/vitals.inc.php b/docs/include/vitals.inc.php
index abfd1c9..b5a459f 100644 (file)
--- a/docs/include/vitals.inc.php
+++ b/docs/include/vitals.inc.php
@@ -13,7 +13,7 @@
 
 if (!defined('AT_INCLUDE_PATH')) { exit; }
 
-define('AT_DEVEL', 0);
+define('AT_DEVEL', 1);
 define('AT_ERROR_REPORTING', E_ALL ^ E_NOTICE); // default is E_ALL ^ E_NOTICE, use E_ALL or E_ALL + E_STRICT for developing
 define('AT_DEVEL_TRANSLATE', 0);
 
@@ -112,6 +112,9 @@ function check_session()
  ***/
 
 /**** 0. start system configuration options block ****/
+       //set the timezone, php 5.3+ problem. http://atutor.ca/atutor/mantis/view.php?id=4409
+       date_default_timezone_set('UTC');
+
        error_reporting(0);
        if (!defined('AT_REDIRECT_LOADED')){
                include_once(AT_INCLUDE_PATH.'config.inc.php');
@@ -158,7 +161,7 @@ function check_session()
               ? false
               : true;
     ob_start();
-    session_set_cookie_params(0, $_base_path, "", $isHttps);
+    session_set_cookie_params(0, $_session_path, "", $isHttps);
        session_start();
        
        // Regenerate session id at every page refresh to prevent CSRF
@@ -242,9 +245,6 @@ define('AT_DEFAULT_PREFS',  isset($_config['prefs_default']) ? $_config['prefs_d
 $_config['home_defaults'] .= (isset($_config['home_defaults_2']) ? $_config['home_defaults_2'] : '');
 $_config['main_defaults'] .= (isset($_config['main_defaults_2']) ? $_config['main_defaults_2'] : '');
 
-//set the timezone, php 5.3+ problem. http://atutor.ca/atutor/mantis/view.php?id=4409
-date_default_timezone_set('UTC');
-
 if ($_config['time_zone']) {
        //$sql = "SET time_zone='{$_config['time_zone']}'";
        //mysql_query($sql, $db);

diff --git a/docs/login.php b/docs/login.php
index 8f637a8..67873fb 100644 (file)
--- a/docs/login.php
+++ b/docs/login.php
@@ -223,8 +223,6 @@ if (isset($this_login, $this_password)) {
        }
 }
 
-$_SESSION['session_test'] = TRUE;
-
 if (isset($_SESSION['member_id'])) {
        $sql = "DELETE FROM ".TABLE_PREFIX."users_online WHERE member_id=$_SESSION[member_id]";
        $result = @mysql_query($sql, $db);

diff --git a/docs/logout.php b/docs/logout.php
index 77524f4..80e12ac 100644 (file)
--- a/docs/logout.php
+++ b/docs/logout.php
@@ -27,6 +27,11 @@ unset($_SESSION['course_id']);
 unset($_SESSION['prefs']);
 unset($_SESSION['dd_question_ids']);
 unset($_SESSION['flash']);
+unset($_SESSION['userAgent']);
+unset($_SESSION['IPaddress']);
+unset($_SESSION['OBSOLETE']);
+unset($_SESSION['EXPIRES']);
+unset($_SESSION['token']);
 
 $msg->addFeedback('LOGOUT');
 header('Location: login.php');