From b7ac63b9def754fa2387b9c5f537effb2e03000c Mon Sep 17 00:00:00 2001
From: "J. King"
Date: Sun, 24 Sep 2017 11:22:32 -0400
Subject: [PATCH] Resuming a session from the database should have no side effects
---
 lib/Database.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/lib/Database.php b/lib/Database.php
index e2b72a8..e680a80 100644
--- a/lib/Database.php
+++ b/lib/Database.php
@@ -249,15 +249,11 @@ class Database {
 public function sessionResume(string $id): array {
 $maxAge = Date::sub(Arsse::$conf->userSessionLifetime);
- $out = $this->db->prepare("SELECT * from arsse_sessions where id is ? and expires > CURRENT_TIMESTAMP and created > ?", "str", "datetime")->run($id, $maxAge)->getRow();
+ $out = $this->db->prepare("SELECT id,created,expires,user from arsse_sessions where id is ? and expires > CURRENT_TIMESTAMP and created > ?", "str", "datetime")->run($id, $maxAge)->getRow();
 // if the session does not exist or is expired, throw an exception
 if (!$out) {
 throw new User\ExceptionSession("invalid", $id);
 }
- // otherwise populate the session user when appropriate
- if (Arsse::$user) {
- Arsse::$user->id = $out['user'];
- }
 // if we're more than half-way from the session expiring, renew it
 if ($this->sessionExpiringSoon(Date::normalize($out['expires'], "sql"))) {
 $expires = Date::add(Arsse::$conf->userSessionTimeout);
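Review bot: With the `Arsse::$user->id = $out['user']` assignment removed from sessionResume, nothing in this hunk tells a caller that it must now bind the authenticated user itself from the returned row, and the diffstat shows no call site changed in this commit. If any caller relied on the old side effect, a resumed session would presumably continue without the session's user being applied, so the call sites are worth confirming. I would add a docblock above the method along the lines of `/** Returns the id, created, expires and user columns of a valid session; does not modify Arsse::$user, so the caller must apply the returned 'user' value. */`. The renewal branch that follows still computes a new expiry, so the docblock should also say the method is not purely read-only; the method body continues outside the hunk.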