authorSimon Rettberg2019-10-31 12:21:35 +0100
committerSimon Rettberg2019-10-31 12:21:35 +0100
commit8c18415ccb3d32db6e89ea00275425cc69793908 (patch)
treeaffbf6750781f2ffdf1409bf150349d3c4bb7204
parent[baseconfig] Improved verbose output of plain config (diff)
downloadslx-admin-8c18415ccb3d32db6e89ea00275425cc69793908.tar.gz
slx-admin-8c18415ccb3d32db6e89ea00275425cc69793908.tar.xz
slx-admin-8c18415ccb3d32db6e89ea00275425cc69793908.zip
[inc/Util] Add method to agressively unset a cookie
This tries to work around problems with the cookie path and trailing slashes.
-rw-r--r--inc/dictionary.inc.php3
-rw-r--r--inc/session.inc.php3
-rw-r--r--inc/util.inc.php20
3 files changed, 24 insertions, 2 deletions
diff --git a/inc/dictionary.inc.php b/inc/dictionary.inc.php
index 935d1f4e..b69007a6 100644
--- a/inc/dictionary.inc.php
+++ b/inc/dictionary.inc.php
@@ -28,7 +28,8 @@ class Dictionary
//Changes the language in case there is a request to
$lang = Request::get('lang');
if ($lang !== false && in_array($lang, self::$languages)) {
- setcookie('lang', $lang, time() + 60 * 60 * 24 * 30 * 12);
+ Util::clearCookie('lang');
+ setcookie('lang', $lang, time() + 86400 * 30 * 12);
$url = Request::get('url');
if ($url === false && isset($_SERVER['HTTP_REFERER'])) {
$url = $_SERVER['HTTP_REFERER'];
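Review bot: The new `setcookie('lang', …)` line still passes no path, so the browser rather than the server decides which path the cookie is stored under, and the trailing-slash mismatch that `Util::clearCookie('lang')` works around can presumably recur on a later request. Pinning one application path on every set, for example `setcookie('lang', $lang, time() + 86400 * 30 * 12, $appPath);` where `$appPath` is a placeholder for a value computed once from the script directory, keeps the set and clear sides in agreement. The `sid` cookie in inc/session.inc.php passes `null` for the path and has the same gap. The enclosing method starts and ends outside this hunk.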
diff --git a/inc/session.inc.php b/inc/session.inc.php
index 24bf6ac0..c08c8c4a 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -81,7 +81,7 @@ class Session
public static function deleteCookie()
{
- setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ Util::clearCookie('sid');
}
private static function getSessionFile()
@@ -109,6 +109,7 @@ class Session
$sessionfile = self::getSessionFile();
$ret = @file_put_contents($sessionfile, @serialize(self::$data));
if (!$ret) Util::traceError('Storing session data in ' . $sessionfile . ' failed.');
+ Util::clearCookie('sid');
$ret = setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
}
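Review bot: Calling `Util::clearCookie('sid')` on the save path means every response that stores the session carries two expiring `Set-Cookie` headers for `sid` per path segment ahead of the real one, and the session only survives because the browser applies the later header for the same path last. The setcookie() results inside clearCookie are ignored, so when output has already started the failure repeats several times before the existing `if (!$ret)` check reports it. If the surrounding code can tell when a fresh session id is issued, clearing only then would avoid the extra headers; otherwise a guard such as `if (!headers_sent()) Util::clearCookie('sid');` keeps the error path clean. The enclosing method starts outside this hunk.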
diff --git a/inc/util.inc.php b/inc/util.inc.php
index c33bbc83..9c9d4e58 100644
--- a/inc/util.inc.php
+++ b/inc/util.inc.php
@@ -534,4 +534,24 @@ SADFACE;
return implode(' ', $parts) . ' ' . gmdate($showSecs ? 'H:i:s' : 'H:i', $seconds);
}
+ /**
+ * Properly clear a cookie from the user's browser.
+ * This recursively wipes it from the current script's path. There
+ * was a weird problem where firefox would keep sending a cookie with
+ * path /slx-admin/ but trying to delete it from /slx-admin, which php's
+ * setcookie automatically sends by default, did not clear it.
+ * @param string $name cookie name
+ */
+ public static function clearCookie($name)
+ {
+ $parts = explode('/', $_SERVER['SCRIPT_NAME']);
+ $path = '';
+ foreach ($parts as $part) {
+ $path .= $part;
+ setcookie($name, '', 0, $path);
+ $path .= '/';
+ setcookie($name, '', 0, $path);
+ }
+ }
+
}
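Review bot: The docblock on `clearCookie` does not say what the method leaves uncovered. The loop walks `$_SERVER['SCRIPT_NAME']` segment by segment (iteratively, not "recursively"), so it only expires cookies whose path is a prefix of the script name; a cookie set with a Domain attribute for a parent domain, or stored under a rewritten request path, would survive. I would add `* Must be called before any output; emits two Set-Cookie headers per path segment.` and `* Only clears cookies without a parent-domain Domain attribute whose path is a prefix of SCRIPT_NAME.` to the comment. The expiring headers carry no Secure or HttpOnly attribute, which is harmless for a deletion but worth noting there so the call is not copied as a template for setting cookies.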