require_once 'lib/functions/configCheck.php'; checkConfiguration(); require_once 'config.inc.php'; require_once 'common.php'; doSessionStart(); unset($_SESSION['basehref']); // will be very interesting understand why we do this setPaths(); list($args, $gui) = initEnv(); // verify the session during a work $redir2login = true; if (isset($_SESSION['currentUser'])) { // Session exists we need to do other checks. // // we use/copy Mantisbt approach $securityCookie = tlUser::auth_get_current_user_cookie(); $redir2login = is_null($securityCookie); if (!$redir2login) { // need to get fresh info from db, before asking for securityCookie doDBConnect($db, database::ONERROREXIT); $user = new tlUser(); $user->dbID = $_SESSION['currentUser']->dbID; $user->readFromDB($db); $dbSecurityCookie = $user->getSecurityCookie(); $redir2login = $securityCookie != $dbSecurityCookie; } } if ($redir2login) { // destroy user in session as security measure unset($_SESSION['currentUser']); // If session does not exists I think is better in order to