Наконец-то разобрался с сессиями, +минорные фиксы

api/_auth.php

@@ -16,12 +16,15 @@ function EndSession () {
 
 
 
-//session_start();
-// This ^ should be placed at login stage
+// A few tips:
+// session_start() - start OR RESUME session
+// If $_SESSION["userid"] is set - it counted as active login session
+// If its not set - it counted as no login session
+session_start();
 
 $LOGGED_IN = false;
 
-if (session_status() == PHP_SESSION_ACTIVE && isset($_SESSION["userid"])) {
+if (session_status() === PHP_SESSION_ACTIVE && isset($_SESSION["userid"])) { // If there are active session
 	// Check if user still exist
 	$s = $db->prepare("SELECT * FROM users WHERE id = ?");
 	$s->bind_param("s", $_SESSION["userid"]);
@@ -32,10 +35,19 @@ if (session_status() == PHP_SESSION_ACTIVE && isset($_SESSION["userid"])) {
 		die("user id used in session does not exist");
 	}
 	$LOGGED_IN = true;
-} elseif (session_status() == PHP_SESSION_ACTIVE && !isset($_SESSION["userid"])) {
-	echo "no userid, destroying session";
-	EndSession();
-	die("no userid in session");
+} elseif (session_status() === PHP_SESSION_DISABLED) { // If sessions are disabled
+	die("ERROR: please enable sessions in php config");
+}
+
+if ($Config["debug"] && isset($_REQUEST["debug"])) { // If there are not any session and debug mode is on
+	// ATTENTION: FOR DEBUG PURPOSES ONLY!
+	if ($_REQUEST["debug"] == "drop") {
+		EndSession();
+		die("session discarded");
+	}
+	$_SESSION["userid"] = intval($_REQUEST["debug"]);
+	print_r(["created_session" => $_SESSION]);
+	die();
 }
 
 ?>