summaryrefslogtreecommitdiffstats
path: root/inc
diff options
context:
space:
mode:
authorSimon Rettberg2019-10-31 12:21:35 +0100
committerSimon Rettberg2019-10-31 12:21:35 +0100
commit8c18415ccb3d32db6e89ea00275425cc69793908 (patch)
treeaffbf6750781f2ffdf1409bf150349d3c4bb7204 /inc
parent[baseconfig] Improved verbose output of plain config (diff)
downloadslx-admin-8c18415ccb3d32db6e89ea00275425cc69793908.tar.gz
slx-admin-8c18415ccb3d32db6e89ea00275425cc69793908.tar.xz
slx-admin-8c18415ccb3d32db6e89ea00275425cc69793908.zip
[inc/Util] Add method to agressively unset a cookie
This tries to work around problems with the cookie path and trailing slashes.
Diffstat (limited to 'inc')
-rw-r--r--inc/dictionary.inc.php3
-rw-r--r--inc/session.inc.php3
-rw-r--r--inc/util.inc.php20
3 files changed, 24 insertions, 2 deletions
diff --git a/inc/dictionary.inc.php b/inc/dictionary.inc.php
index 935d1f4e..b69007a6 100644
--- a/inc/dictionary.inc.php
+++ b/inc/dictionary.inc.php
@@ -28,7 +28,8 @@ class Dictionary
//Changes the language in case there is a request to
$lang = Request::get('lang');
if ($lang !== false && in_array($lang, self::$languages)) {
- setcookie('lang', $lang, time() + 60 * 60 * 24 * 30 * 12);
+ Util::clearCookie('lang');
+ setcookie('lang', $lang, time() + 86400 * 30 * 12);
$url = Request::get('url');
if ($url === false && isset($_SERVER['HTTP_REFERER'])) {
$url = $_SERVER['HTTP_REFERER'];
diff --git a/inc/session.inc.php b/inc/session.inc.php
index 24bf6ac0..c08c8c4a 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -81,7 +81,7 @@ class Session
public static function deleteCookie()
{
- setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ Util::clearCookie('sid');
}
private static function getSessionFile()
@@ -109,6 +109,7 @@ class Session
$sessionfile = self::getSessionFile();
$ret = @file_put_contents($sessionfile, @serialize(self::$data));
if (!$ret) Util::traceError('Storing session data in ' . $sessionfile . ' failed.');
+ Util::clearCookie('sid');
$ret = setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
}
diff --git a/inc/util.inc.php b/inc/util.inc.php
index c33bbc83..9c9d4e58 100644
--- a/inc/util.inc.php
+++ b/inc/util.inc.php
@@ -534,4 +534,24 @@ SADFACE;
return implode(' ', $parts) . ' ' . gmdate($showSecs ? 'H:i:s' : 'H:i', $seconds);
}
+ /**
+ * Properly clear a cookie from the user's browser.
+ * This recursively wipes it from the current script's path. There
+ * was a weird problem where firefox would keep sending a cookie with
+ * path /slx-admin/ but trying to delete it from /slx-admin, which php's
+ * setcookie automatically sends by default, did not clear it.
+ * @param string $name cookie name
+ */
+ public static function clearCookie($name)
+ {
+ $parts = explode('/', $_SERVER['SCRIPT_NAME']);
+ $path = '';
+ foreach ($parts as $part) {
+ $path .= $part;
+ setcookie($name, '', 0, $path);
+ $path .= '/';
+ setcookie($name, '', 0, $path);
+ }
+ }
+
}