From 213537f6239ddb90685a701746012ca97778f711 Mon Sep 17 00:00:00 2001
From: Nao <nao@wedge>
Date: Sat, 11 Feb 2017 16:00:27 +0100
Subject: [PATCH] + A departure from SMF-based forums: redirectexit() will no
 longer add the session variable to the URL if it's already in a cookie. I'll
 be honest with you, I never noticed that variable before, but it's started
 showing up everywhere in my new server. If you know why, feel free to share!
 Other than that, this update is very logical, so for those like me who have
 the problem, there you go. (Subs.php)

---
 core/app/Subs.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/app/Subs.php b/core/app/Subs.php
index 549cba11..d4e94a94 100644
--- a/core/app/Subs.php
+++ b/core/app/Subs.php
@@ -1125,8 +1125,8 @@ function redirectexit($setLocation = '', $refresh = false, $permanent = false)
 	if ($is_internal = !preg_match('~^(?:http|ftp)s?://~', $setLocation))
 		$setLocation = SCRIPT . ($setLocation != '' ? '?' . $setLocation : '');
 
-	// Put the session ID in.
-	if (defined('SID') && SID != '')
+	// Put the session ID in, if it's not already in a cookie.
+	if (defined('SID') && SID != '' && (!isset($_COOKIE[session_name()]) || $_COOKIE[session_name()] !== session_id()))
 		$setLocation = preg_replace('/^' . preg_quote(SCRIPT, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', SCRIPT . '?' . SID . ';', $setLocation);
 	// Keep that debug in their for template debugging!
 	elseif (isset($_GET['debug']))