author | Simon Rettberg | 2017-05-05 13:04:19 +0200 |
---|---|---|
committer | Simon Rettberg | 2017-05-05 13:04:19 +0200 |
commit | f7900fa08276d2668221a1b4ce7462d68e6f2893 (patch) | |
tree | 420646ef6fdb71ca1ce088e1bf4a0f6cf31198fe /inc | |
parent | [webinterface] Add separate option to enable HSTS (diff) | |
[webinterface] Log user out when disabling HTTPS to prevent lockout
Diffstat (limited to 'inc')
-rw-r--r-- | inc/session.inc.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/inc/session.inc.php b/inc/session.inc.php
index 26effa3f..24bf6ac0 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -74,10 +74,15 @@ class Session
 {
 if (self::$sid === false) return;
 @unlink(self::getSessionFile());
- @setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ self::deleteCookie();
 self::$sid = false;
 self::$data = false;
 }
+
+ public static function deleteCookie()
+ {
+ setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ }
 
 private static function getSessionFile()
 {
@@ -104,7 +109,7 @@ class Session
 $sessionfile = self::getSessionFile();
 $ret = @file_put_contents($sessionfile, @serialize(self::$data));
 if (!$ret) Util::traceError('Storing session data in ' . $sessionfile . ' failed.');
- $ret = @setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ $ret = setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
 if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
 }
 }
|
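Review bot: The new public `deleteCookie()` in the first hunk expires only the browser's `sid` cookie; unlike `delete()` just above it, it does not unlink the session file, so a caller that uses it on its own leaves the server-side session in place and the old sid presumably stays usable by anyone who still holds it. The caller is not part of this diff (the diffstat is limited to `inc`), so this may be intended for the HTTPS-disable path, but the method is public and undocumented; I would add a docblock such as `/** Expire the sid cookie in the browser only; the server-side session is untouched, call delete() for a full logout. */`. The result of `setcookie()` is also dropped here while the save path in the second hunk checks `$ret`; `return setcookie(...);` would let callers notice when headers were already sent and the cookie was not cleared.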
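Review bot: The attribute list on this `setcookie('sid', self::$sid, ...)` call (null path, null domain, Secure derived from `$_SERVER['HTTPS']`, HttpOnly) is now repeated verbatim in `deleteCookie()` from the first hunk. A browser only replaces a cookie whose name, domain and path match, so if one call site is changed later the expiry in `deleteCookie()` would silently stop clearing `sid`. A small private helper that takes the value and expiry and supplies the shared attributes would keep the two in step; the enclosing method starts outside the hunk, so I have not checked whether other callers set this cookie as well.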