From 02117680c8a3a4c7da2b10e25fc6c29fd5fa9bd2 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@bofh.bg>
Date: Mon, 15 Oct 2012 11:12:37 +0300
Subject: Partially fix #1702

---
 system/libraries/Session/drivers/Session_cookie.php | 2 +-
 system/libraries/Session/drivers/Session_native.php | 2 +-
 user_guide_src/source/changelog.rst                 | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index fb62c7ec4..5bb1f7aa6 100755
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -405,7 +405,7 @@ class CI_Session_cookie extends CI_Session_driver {
 		}
 
 		// Is the session current?
-		if (($session['last_activity'] + $this->sess_expiration) < $this->now)
+		if (($session['last_activity'] + $this->sess_expiration) < $this->now OR $session['last_activity'] > $this->now)
 		{
 			$this->sess_destroy();
 			return FALSE;
diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php
index 8d5e51546..6529d4c36 100755
--- a/system/libraries/Session/drivers/Session_native.php
+++ b/system/libraries/Session/drivers/Session_native.php
@@ -107,7 +107,7 @@ class CI_Session_native extends CI_Session_driver {
 		// Check session expiration, ip, and agent
 		$now = time();
 		$destroy = FALSE;
-		if (isset($_SESSION['last_activity']) && ($_SESSION['last_activity'] + $expire) < $now)
+		if (isset($_SESSION['last_activity']) && (($_SESSION['last_activity'] + $expire) < $now OR $_SESSION['last_activity'] > $now))
 		{
 			// Expired - destroy
 			$destroy = TRUE;
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 145853a52..cc7cbacf7 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -360,7 +360,8 @@ Bug fixes for 3.0
 -  Fixed a bug (#1765) - :doc:`Database Library <database/index>` didn't properly detect connection errors for MySQLi.
 -  Fixed a bug (#1257) - :doc:`Query Builder <database/query_builder>` used to (unnecessarily) group FROM clause contents, which breaks certain queries and is invalid for some databases.
 -  Fixed a bug (#1709) - :doc:`Email <libraries/email>` headers were broken when using long email subjects and \r\n as CRLF.
--  Fixed a bug where MB_ENABLED was only declared if UTF8_ENABLED was set to TRUE.
+-  Fixed a bug where ``MB_ENABLED`` was only declared if ``UTF8_ENABLED`` was set to TRUE.
+-  Fixed a bug where the :doc:`Session Library <libraries/session>` accepted cookies with *last_activity* values being in the future.
 
 Version 2.1.3
 =============
-- 
cgit v1.2.3-24-g4f1b