Drop sessions if the session variables became corrupted
authorTim Düsterhus <duesterhus@woltlab.com>
Wed, 14 Oct 2020 08:39:35 +0000 (10:39 +0200)
committerTim Düsterhus <duesterhus@woltlab.com>
Thu, 15 Oct 2020 14:13:52 +0000 (16:13 +0200)
wcfsetup/install/files/lib/system/session/SessionHandler.class.php

index a66f937bafae9599293d1a19d4da2e1a0540ce45..49369e40eb16de2c726b4e0dde3c8f35633b9f95 100644 (file)
@@ -391,9 +391,15 @@ final class SessionHandler extends SingletonFactory {
                        return false;
                }
                
+               $variables = @unserialize($row['sessionVariables']);
+               // Check whether the session variables became corrupted.
+               if (!is_array($variables)) {
+                       return false;
+               }
+               
                $this->sessionID = $sessionID;
                $this->user = new User($row['userID']);
-               $this->variables = unserialize($row['sessionVariables']);
+               $this->variables = $variables;
                
                $sql = "UPDATE  wcf".WCF_N."_".($this->isACP ? 'acp' : 'user')."_session
                        SET     ipAddress = ?,
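Review bot: The new `@unserialize($row['sessionVariables'])` followed by a bare `return false;` leaves no trace of the failure, so a truncated or tampered session row looks exactly like an ordinary missing session; I would log the event (session ID only, never the blob) before returning. The call also still instantiates any class named in the stored data before the `is_array` check runs. If session variables are meant to hold only scalars and arrays, which this hunk does not show, `unserialize($row['sessionVariables'], ['allowed_classes' => false])` would narrow that. The commit title says the session is dropped, but the visible lines only reject it, and the enclosing method starts and ends outside the hunk; it is worth confirming that the caller deletes the corrupted row so it is not re-read on every request.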