From 068b17f48ef5434611defa5463f47ba5c8f1752e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zden=C4=9Bk=20Borovec?= <zdenda.borovec@gmail.com>
Date: Sat, 4 May 2024 23:08:47 +0200
Subject: [PATCH] dont start session if not necessary

---
 docs/common/header.php | 7 +++++--
 docs/www/login.php     | 3 ++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/docs/common/header.php b/docs/common/header.php
index 9a51045..2d3a369 100755
--- a/docs/common/header.php
+++ b/docs/common/header.php
@@ -6,8 +6,11 @@ include_once("config.php");
 // Include utils to have access to custom classes
 include_once("utils.php");
 
-// Start session
-session_start();
+// If the session cookie is set, start session
+if(isset($_COOKIE["PHPSESSID"]))
+{
+	session_start();
+}
 
 // PDO Mysql connection object
 $conn = null;
diff --git a/docs/www/login.php b/docs/www/login.php
index 3112188..ed5f190 100644
--- a/docs/www/login.php
+++ b/docs/www/login.php
@@ -93,10 +93,11 @@ function attempt_login($conn, $username, $password) {
 }
 
 /**
- * If user sent the form, process it.
+ * If user sent the form, process it. This starts a session.
  * Either login user and redirect to index or set error message variables.
  */
 if (isset($_POST["submit"])) {
+	session_start();
 	// Log user out
 	$_SESSION["current_user"] = null;
 	// Attempt to log in