Fix Session manager: do not always place cookie

Controllers/UserController.php

@@ -35,7 +35,7 @@ final class UserController
             return View::show("user/signin", array("success" => False, "msg" => "This account is disabled"));
         }
 
-        Session::start($A_user["ID"]);
+        Session::set_login($A_user["ID"]);
         
         View::show("user/signin", array("success" => True));
     }
@@ -71,7 +71,7 @@ final class UserController
 
     public function logoutAction(Array $A_urlParams = null, Array $A_postParams = null)
     {
-        Session::destroy();
+        Session::destroy_session();
         header("Location: /");
     }
 
@@ -83,6 +83,9 @@ final class UserController
 
         Session::login_or_die();
 
+        $O_userModel = new UserModel();
+        $A_user = $O_userModel->getUserByID($_SESSION["ID"]);
+
         return View::show("user/view", $A_user);
     }
 }

Kernel/Session.php

@@ -2,43 +2,62 @@
 
 final class Session
 {
-    public static function start($I_id)
+    public static function start_session()
     {
         session_start();
-        $_SESSION["ID"] = $I_id;
     }
 
-    public static function destroy()
+    public static function resume_session()
+    {
+        if(self::has_session_cookie()){
+            self::start_session();
+            return true;
+        }
+        return false;
+    }
+
+    public static function destroy_session()
     {
         session_start();
         session_destroy();
     }
 
-    public static function has_session()
+    /*
+        Reason: start_session() automatically sets a cookie,
+        we want a way to know if the user have a session without setting a cookie
+        (e.g to not set a cookie on every page to set the header, which change if you are logged-in)
+    */
+    public static function has_session_cookie()
     {
+        return isset($_COOKIE[session_name()]);
+    }
+    
+    public static function is_login()
+    {
+        if (!self::resume_session()) {
+            return false;
+        }
         if (!isset($_SESSION)) {
             return false;
         }
         if (!isset($_SESSION["ID"])) {
             return False;
-        }        
-    }
-
-    public static function is_login()
-    {
-        if (!has_session()) {
-            return false;
         }
-
+        
         // ensure account has not been deleted/disabled in the meantime
         $O_userModel = new UserModel();
-        return $O_userModel->isUserActive($_SESSION["ID"]);
+        $B_userActive = $O_userModel->isUserActive($_SESSION["ID"]);
+        return $B_userActive;
+    }
 
+    public static function set_login($I_id){
+        self::start_session();
+        $_SESSION["ID"] = $I_id;
     }
 
     public static function login_or_die()
     {
-        if (!self::has_session()) {
+        if (!self::is_login()) {
             header("Location: /user/login?return_uri=".$_SERVER["REQUEST_URI"]);
             die();
         }

Models/UserModel.php

@@ -67,6 +67,6 @@ final class UserModel
         
         $row = $stmt->fetch();
         if ($row === false) return false;
-        return $row["DISABLED"] === 0;
+        return $row["DISABLED"] !== 1;
     }
 }