From f7900fa08276d2668221a1b4ce7462d68e6f2893 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 5 May 2017 13:04:19 +0200
Subject: [webinterface] Log user out when disabling HTTPS to prevent lockout

---
 inc/session.inc.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'inc')

diff --git a/inc/session.inc.php b/inc/session.inc.php
index 26effa3f..24bf6ac0 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -74,10 +74,15 @@ class Session
 	{
 		if (self::$sid === false) return;
 		@unlink(self::getSessionFile());
-		@setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+		self::deleteCookie();
 		self::$sid = false;
 		self::$data = false;
 	}
+
+	public static function deleteCookie()
+	{
+		setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+	}
 	
 	private static function getSessionFile()
 	{
@@ -104,7 +109,7 @@ class Session
 		$sessionfile = self::getSessionFile();
 		$ret = @file_put_contents($sessionfile, @serialize(self::$data));
 		if (!$ret) Util::traceError('Storing session data  in ' . $sessionfile . ' failed.');
-		$ret = @setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+		$ret = setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
 		if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
 	}
 }
-- 
cgit v1.2.3-55-g7522