After upgrading to 1.3.9d, when visiting my site with cookies blocked in my browser, I can log in just fine, and as long as I only visit SSL pages I'm fine. But as soon as I visit a non-SSL page I get logged out.
I can fix this problem by modifying the following lines of code in init_includes/init_sessions.php (lines 42-46):
Code:
if (isset($_POST[zen_session_name()])) {
zen_session_id($_POST[zen_session_name()]);
} elseif ( ($request_type == 'SSL') && isset($_GET[zen_session_name()]) ) {
zen_session_id($_GET[zen_session_name()]);
}
If I remove the ($request_type == 'SSL') my site works fine; I remain signed in on all pages.
I don't understand why this code insists upon a $request_type of SSL. Both SSL and non-SSL pages can have a ZENID.
Bookmarks