use php session_status to check for active session ( >= php 5.4 )

src/etc/inc/auth.inc

@@ -1333,8 +1333,9 @@ function session_auth() {
 		true
 	);
 
-	if (!session_id())
+	if (session_status() == PHP_SESSION_NONE) {
 		session_start();
+	}
 
 	// Detect protocol change
 	if (!isset($_POST['login']) && !empty($_SESSION['Logged_In']) && $_SESSION['protocol'] != $config['system']['webgui']['protocol'])

src/etc/inc/config.lib.inc

@@ -466,8 +466,8 @@ function write_config($desc = 'Unknown', $backup = true)
 	$config_xml = '/conf/config.xml';
 
 	if (!empty($_SERVER['REMOTE_ADDR'])) {
-		if (!session_id()) {
-			@session_start();
+		if (session_status() == PHP_SESSION_NONE) {
+			session_start();
 		}
 		if (!empty($_SESSION['Username']) && ($_SESSION['Username'] != 'root')) {
 			$user = getUserEntry($_SESSION['Username']);

src/www/csrf/csrf-magic.php

@@ -347,7 +347,7 @@ function csrf_conf($key, $val) {
  * Starts a session if we're allowed to.
  */
 function csrf_start() {
-    if ($GLOBALS['csrf']['auto-session'] && !session_id()) {
+    if ($GLOBALS['csrf']['auto-session'] && session_status() == PHP_SESSION_NONE) {
         session_start();
     }
 }

src/www/firewall_virtual_ip.php

@@ -146,8 +146,9 @@ if ($_GET['act'] == "del") {
 		}
 
 		if (!$input_errors) {
-			if (!session_id())
+			if (session_status() == PHP_SESSION_NONE) {
 				session_start();
+                        }
 			$user = getUserEntry($_SESSION['Username']);
 			if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) {
 				header("Location: firewall_virtual_ip.php");

src/www/headjs.php

@@ -35,8 +35,9 @@ function getHeadJS() {
     var input_errors = '';
     jQuery(document).ready(init);
   ";
-  if (!session_id())
+  if (session_status() == PHP_SESSION_NONE) {
 	session_start();
+  }
   $_SESSION['NO_AJAX'] == "True" ? $noajax = "var noAjaxOnSubmit = true;" : $noajax = "var noAjaxOnSubmit = false;";
   session_write_close();
 

src/www/system_usermanager_passwordmg.php

@@ -44,8 +44,9 @@ if (isset($_POST['save'])) {
 		$input_errors[] = gettext("The passwords do not match.");
 
 	if (!$input_errors) {
-		if (!session_id())
+		if (session_status() == PHP_SESSION_NONE) {
 			session_start();
+                }
 		// all values are okay --> saving changes
 		$config['system']['user'][$userindex[$_SESSION['Username']]]['password'] = crypt($_POST['passwordfld1'], '$6$');
 		local_user_set($config['system']['user'][$userindex[$_SESSION['Username']]]);
@@ -57,8 +58,9 @@ if (isset($_POST['save'])) {
 	}
 }
 
-if (!session_id())
+if (session_status() == PHP_SESSION_NONE) {
 	session_start();
+}
 
 /* determine if user is not local to system */
 $islocal = false;
@@ -103,8 +105,9 @@ include("head.inc");
 						<div class="table-responsive">
 							<table class="table table-striped table-sort">
 			                                <tr>
-			<?php if (!session_id())
+			<?php if (session_status() == PHP_SESSION_NONE) {
 					session_start();
+                        }
 			?>
 			                                        <td colspan="2" valign="top" class="listtopic"><?=$_SESSION['Username']?>'s <?=gettext("Password"); ?></td>
 			<?php session_write_close(); ?>