From 3bf44378fa2a6e6a417a73b91feac9e3539a0999 Mon Sep 17 00:00:00 2001
From: Andrew Ruthven <andrew@etc.gen.nz>
Date: Sat, 20 Jan 2024 14:50:32 +1300
Subject: [PATCH] Fix checking if the session is active

The phpversion check was backwards. For PHP >= 5.4.0 we should be
using session_status() === PHP_SESSION_ACTIVE not < 5.4.0.

But in fact, we only support >= 5.4.0, so this check is now redundant.
---
 inc/csrf_tokens.php | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/inc/csrf_tokens.php b/inc/csrf_tokens.php
index 9d05ec4e..5e42f404 100644
--- a/inc/csrf_tokens.php
+++ b/inc/csrf_tokens.php
@@ -16,11 +16,7 @@ function updateCsrf() {
  * @return bool
  */
 function sessionExists() {
-    if (version_compare(phpversion(), '5.4.0', '>')) {
-        return session_id() !== '';
-    } else {
-        return session_status() === PHP_SESSION_ACTIVE;
-    }
+    return session_status() === PHP_SESSION_ACTIVE;
 }
 
 /**
@@ -116,4 +112,4 @@ function verifyCsrf($csrf_token) {
  */
 function verifyCsrfPost() {
     return (isset($_POST['csrf_token']) && verifyCsrf($_POST['csrf_token']));
-}
\ No newline at end of file
+}