X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=includes%2Fsession.inc;h=5f9240eb6ad4d6b894bc97d080d775ea2f4caf12;hb=HEAD;hp=a0a59d25eac4a71cafafd08f918099e28f16f603;hpb=ccca49a7020c3121ce31d0318fcf9807ada68667;p=fa-stable.git

diff --git a/includes/session.inc b/includes/session.inc
index a0a59d25..458f5852 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -11,6 +11,7 @@
 ***********************************************************************/
 define('VARLIB_PATH', $path_to_root.'/tmp');
 define('VARLOG_PATH', $path_to_root.'/tmp');
+define('SECURE_ONLY', true); // if you really need also http (unsecure) access allowed, you can set this to NULL
 
 class SessionManager
 {
@@ -397,7 +398,7 @@ foreach ($installed_extensions as $ext)
 ini_set('session.gc_maxlifetime', 36000); // moved from below.
 
 $Session_manager = new SessionManager();
-$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)), 0, '/', null, True);
+$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)), 0, '/', null, SECURE_ONLY);
 
 $_SESSION['SysPrefs'] = new sys_prefs();
 
@@ -446,16 +447,18 @@ if ($SysPrefs->login_delay > 0 && file_exists(VARLIB_PATH."/faillog.php"))
 	include_once(VARLIB_PATH."/faillog.php");
 
 // Page Initialisation
-if (!isset($_SESSION['wa_current_user']) || !$_SESSION['wa_current_user']->logged_in()
-	|| !isset($_SESSION['language']) || !method_exists($_SESSION['language'], 'set_language'))
+if (isset($dflt_lang) && isset($installed_languages))
 {
-	$l = array_search_value($dflt_lang, $installed_languages,  'code');
-	$_SESSION['language'] = new language($l['name'], $l['code'], $l['encoding'],
-	 (isset($l['rtl']) && $l['rtl'] === true) ? 'rtl' : 'ltr');
-}
-
-$_SESSION['language']->set_language($_SESSION['language']->code);
+	if (!isset($_SESSION['wa_current_user']) || !$_SESSION['wa_current_user']->logged_in()
+		|| !isset($_SESSION['language']) || !method_exists($_SESSION['language'], 'set_language'))
+	{
+		$l = array_search_value($dflt_lang, $installed_languages,  'code');
+		$_SESSION['language'] = new language($l['name'], $l['code'], $l['encoding'],
+	 	(isset($l['rtl']) && $l['rtl'] === true) ? 'rtl' : 'ltr');
+	}
 
+	$_SESSION['language']->set_language($_SESSION['language']->code);
+}
 
 include_once($path_to_root . "/includes/access_levels.inc");
 include_once($path_to_root . "/version.php");