Index: branches/5.2.x/core/kernel/session/session_storage.php =================================================================== diff -u -N -r14244 -r14572 --- branches/5.2.x/core/kernel/session/session_storage.php (.../session_storage.php) (revision 14244) +++ branches/5.2.x/core/kernel/session/session_storage.php (.../session_storage.php) (revision 14572) @@ -1,7 +1,7 @@ Application->TableFound($this->TableName)) { - return false; - } - $fields_hash = Array ( $this->IDField => $this->Session->SID, $this->TimestampField => $this->Session->Expiration, @@ -109,13 +105,24 @@ $fields_hash['BrowserSignature'] = $this->_getBrowserSignature(); } - // default values + additional values + values set during this script run - $additional_fields = array_merge($additional_fields, $this->DirectVars); // used 2 times later - $fields_hash = array_merge($fields_hash, $additional_fields); + // default values + values set during this script run - $this->Conn->doInsert($fields_hash, $this->TableName); + return array_merge($fields_hash, $this->DirectVars); + } - foreach ($additional_fields as $field_name => $field_value) { + function StoreSession($to_database = true) + { + if (defined('IS_INSTALL') && IS_INSTALL && $to_database && !$this->Application->TableFound($this->TableName)) { + return false; + } + + $fields_hash = $this->GetSessionDefaults(); + + if ($to_database) { + $this->Conn->doInsert($fields_hash, $this->TableName); + } + + foreach ($fields_hash as $field_name => $field_value) { $this->SetField($field_name, $field_value); } } @@ -150,7 +157,7 @@ } // perform security checks to ensure, that session is used by it's creator - if ($this->Application->ConfigValue('SessionBrowserSignatureCheck') && ($result['BrowserSignature'] != $this->_getBrowserSignature())) { + if ($this->Application->ConfigValue('SessionBrowserSignatureCheck') && ($result['BrowserSignature'] != $this->_getBrowserSignature()) && $this->Application->GetVar('flashsid') === false) { return false; } 
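Review bot: In the new StoreSession() the final loop iterates `$fields_hash` instead of the old `$additional_fields`, so the ID, expiration and browser-signature defaults now pass through SetField() too, even when `$to_database` is false. SetField() is not shown here; if it writes to the session table, the no-database mode would still touch the database, which is worth confirming. The method also returns `false` on the install path and nothing otherwise, so a caller cannot tell success from a skipped insert; ending with `return true;` would make that explicit. A docblock line such as `@param bool $to_database when false, only the in-object defaults are set and no row is inserted` would document the new flag, if that is the intent. GetSessionDefaults() begins above this hunk.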
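Review bot: The added `GetVar('flashsid') === false` term skips the browser-signature check for any request that carries a `flashsid` variable, so the client can switch off the binding of a session to its creator's browser. GetVar() is not shown, but if it reads request input, the mere presence of the parameter is enough. The exemption should depend on something the client cannot choose freely and be limited to the upload handler that needs it. One option is to require the value to match the session being located, `$this->Application->GetVar('flashsid') !== $this->Session->SID`, if the id is already set at this point. The signature comparison on the same line uses `!=`, where `!==` would avoid type juggling; the enclosing function starts and ends outside the hunk.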
@@ -242,9 +249,13 @@ function RemoveFromData($var) { - $query = 'DELETE FROM '.$this->SessionDataTable.' WHERE '.$this->IDField.' = '.$this->Conn->qstr($this->Session->SID). - ' AND '.$this->DataVarField.' = '.$this->Conn->qstr($var); - $this->Conn->Query($query); + if ($this->Session->SessionSet) { + // only, when session is stored in database + $sql = 'DELETE FROM ' . $this->SessionDataTable . ' + WHERE ' . $this->IDField . ' = ' . $this->Conn->qstr($this->Session->SID) . ' AND ' . $this->DataVarField . ' = ' . $this->Conn->qstr($var); + $this->Conn->Query($sql); + } + unset($this->OriginalData[$var]); }
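Review bot: With the new `SessionSet` guard the DELETE is skipped while `unset($this->OriginalData[$var])` still runs, so the in-memory copy and the stored row can diverge. If a row for this variable can exist while `SessionSet` is false (not visible from this hunk), a removed variable would stay in the table and be loaded again later, which matters for variables that carry login state. A comment stating the invariant would help, e.g. `// SessionSet is false only before the first insert, so no row can exist for this SID`, provided that holds. The values are quoted with qstr(); the table and field names are concatenated as-is, which is acceptable only as long as they never come from request data.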