Merge pull request #1912 from MPOS/cookie-domain-fix

[FIX] Changing Cookie Domain
Sebastian Grewe 2014-03-09 20:09:55 +01:00
commit 0f13bd7c4f
2 changed files with 7 additions and 10 deletions


@ -19,13 +19,13 @@ if (!include_once(BASEPATH . 'include/config/security.inc.dist.php')) die('Unabl
if (@file_exists(BASEPATH . 'include/config/security.inc.php')) include_once(BASEPATH . 'include/config/security.inc.php');
// start our session, we need it for smarty caching
$session_start = @session_start();
session_set_cookie_params(time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
$session_start = @session_start();
if (!$session_start) {
$log->log("info", "Forcing session id regeneration, session failed to start [hijack attempt?]");
session_destroy();
session_regenerate_id(true);
session_start();
$log->log("info", "Forcing session id regeneration, session failed to start [hijack attempt?]");
session_destroy();
session_regenerate_id(true);
session_start();
}
@setcookie(session_name(), session_id(), time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
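Review bot: The first argument of `session_set_cookie_params()` is a lifetime in seconds, not an absolute expiry timestamp, so `time()+$config['cookie']['duration']` in that call requests a session cookie that lives for decades rather than for the configured duration. Pass the duration alone: `session_set_cookie_params($config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);`. The absolute form is only right for `setcookie()`, as on the last line of this section. A cookie that outlives the intended window keeps the session id in the browser far longer than intended, so a comment beside the call stating the unit would help. The +/- markers are lost on this page, so which of the duplicated lines form the new side is inferred.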


@ -624,15 +624,12 @@ class User extends Base {
// Unset all of the session variables
$_SESSION = array();
// As we're killing the sesison, also kill the cookie!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}
setcookie(session_name(), '', time() - 42000);
// Destroy the session.
session_destroy();
// Enforce generation of a new Session ID and delete the old
session_regenerate_id(true);
// Enforce a page reload and point towards login with referrer included, if supplied
$port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
$pushto = $_SERVER['SCRIPT_NAME'].'?page=login';
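Review bot: The one-line `setcookie(session_name(), '', time() - 42000);` omits path and domain, and a browser only discards a cookie when the expiring cookie matches the original's name, domain and path. If the session cookie was issued with a configured domain and path, this call can leave it in the browser after logout, although `session_destroy()` still clears the server-side data. Reading the attributes back keeps the two in step: `$params = session_get_cookie_params();` then `setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);`. The +/- markers are lost on this page, so I am inferring from the hunk header (15 old lines, 12 new) that the one-liner is the new side. The enclosing method starts and ends outside the hunk.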