From 25d2e4892adaaab71eedbe8b22bca05374948e5b Mon Sep 17 00:00:00 2001
From: Min-Soo Kim
Date: Thu, 2 Aug 2018 00:35:52 +0900
Subject: [PATCH] Revert "Example of the cookie option"

This reverts commit 93a35c251b806293b4aab018693a9d7327689cac.
---
 classes/context/Context.class.php | 17 +----------------
 classes/mobile/Mobile.class.php | 2 +-
 common/js/common.js | 2 +-
 common/tpl/common_layout.html | 1 -
 modules/admin/admin.admin.controller.php | 1 -
 modules/admin/admin.admin.view.php | 2 --
 modules/admin/lang/en.php | 2 --
 modules/admin/lang/ko.php | 2 --
 modules/admin/tpl/config_advanced.html | 9 ---------
 .../skins/ncenter_login/js/ncenter.js | 2 +-
 10 files changed, 4 insertions(+), 36 deletions(-)

diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php
index d98984391..e44f60a42 100644
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@@ -306,7 +306,7 @@ class Context
 {
 if($_COOKIE['lang_type'] !== $lang_type)
 {
- setcookie('lang_type', $lang_type, time() + 86400 * 365, '/', null, self::isCookieSSL());
+ setcookie('lang_type', $lang_type, time() + 86400 * 365, '/', null, self::isAlwaysSSL());
 }
 }
 elseif($_COOKIE['lang_type'])
@@ -639,21 +639,6 @@ class Context
 return $ssl_only;
 }
- /**
- * Return Cookie SSL status
- *
- * @param boolen $purge_cache Set true to get uncached SSL_enforce value.
- * @return boolean (true|false)
- */
- public static function isCookieSSL($purge_cache = false)
- {
- static $ssl_only = null;
- if(is_null($ssl_only) || $purge_cache === true)
- {
- $ssl_only = (self::isAlwaysSSL() && config('session.use_ssl_cookie'));
- }
- return $ssl_only;
- }
 /**
 * Return default URL
diff --git a/classes/mobile/Mobile.class.php b/classes/mobile/Mobile.class.php
index d89a2177d..ef69cef99 100644
--- a/classes/mobile/Mobile.class.php
+++ b/classes/mobile/Mobile.class.php
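Review bot: In classes/context/Context.class.php, with `self::isAlwaysSSL()` as the sixth argument of `setcookie('lang_type', ...)`, the Secure flag is applied on every always-SSL site, including installs that had left `session.use_ssl_cookie` off under the reverted code; the same switch now governs `rx_uatype` in Mobile.class.php and both JavaScript cookie writers. The commit message gives no reason for the revert, so I would record the rule at the call: `// Secure follows the site-wide always-SSL setting; there is no separate cookie option.` Passing `null` for the domain is also deprecated for built-in string parameters from PHP 8.1 on, and `''` has the same effect. The enclosing method starts and ends outside the hunk.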
@@ -73,7 +73,7 @@ class Mobile
 $uatype = $uahash . ':' . (self::$_ismobile ? '1' : '0');
 if ($cookie !== $uatype)
 {
- setcookie('rx_uatype', $uatype, 0, null, null, Context::isCookieSSL());
+ setcookie('rx_uatype', $uatype, 0, null, null, Context::isAlwaysSSL());
 $_COOKIE['rx_uatype'] = $uatype;
 }
diff --git a/common/js/common.js b/common/js/common.js
index c74d00180..7280af53b 100644
--- a/common/js/common.js
+++ b/common/js/common.js
@@ -1056,7 +1056,7 @@ function setCookie(name, value, expire, path) {
 var s_cookie = name + "=" + escape(value) +
 ((!expire) ? "" : ("; expires=" + expire.toGMTString())) +
 "; path=" + ((!path) ? "/" : path) +
- ((cookie_ssl) ? ";secure" : "");
+ ((enforce_ssl) ? ";secure" : "");
 document.cookie = s_cookie;
 }
diff --git a/common/tpl/common_layout.html b/common/tpl/common_layout.html
index b7bfe866c..a047c8958 100644
--- a/common/tpl/common_layout.html
+++ b/common/tpl/common_layout.html
@@ -56,7 +56,6 @@
 var http_port = {Context::get("_http_port") ?: 'null'};
 var https_port = {Context::get("_https_port") ?: 'null'};
 var enforce_ssl = {Context::get('_use_ssl') === 'always' ? 'true' : 'false'};
- var cookie_ssl = {Context::isCookieSSL() ? 'true' : 'false'};
 var ssl_actions = {json_encode(array_keys(Context::getSSLActions()))};
 var xeVid = null;
diff --git a/modules/admin/admin.admin.controller.php b/modules/admin/admin.admin.controller.php
index 8080914f5..34cf308af 100644
--- a/modules/admin/admin.admin.controller.php
+++ b/modules/admin/admin.admin.controller.php
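Review bot: In classes/mobile/Mobile.class.php, `setcookie('rx_uatype', $uatype, 0, null, null, Context::isAlwaysSSL())` leaves the path empty, so the browser scopes the cookie to the directory of the current request, whereas `lang_type` in Context.class.php is set for `'/'`. A visitor can then accumulate one `rx_uatype` cookie per directory, and the `$cookie !== $uatype` check (presumably fed from `$_COOKIE`, which is not visible here) sets it again on each new path. Unless per-directory scope is intended, write `setcookie('rx_uatype', $uatype, 0, '/', '', Context::isAlwaysSSL());`, and add `true` as a seventh argument for HttpOnly if no client-side script reads this cookie. The enclosing method lies outside the hunk.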
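Review bot: In common/js/common.js, `setCookie()` now reads the bare global `enforce_ssl`, which this patch shows being defined by the inline script in common/tpl/common_layout.html; if any page loads common.js without that layout, the reference throws a ReferenceError and the cookie is never written. The same dependency is introduced in widgets/login_info/skins/ncenter_login/js/ncenter.js. A guard keeps both writers working without the global: `((typeof enforce_ssl !== 'undefined' && enforce_ssl) ? ";secure" : "")`.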
@@ -826,7 +826,6 @@ class adminAdminController extends admin
 Rhymix\Framework\Config::set('session.use_db', $vars->use_db_session === 'Y');
 Rhymix\Framework\Config::set('session.use_keys', $vars->use_session_keys === 'Y');
 Rhymix\Framework\Config::set('session.use_ssl', $vars->use_session_ssl === 'Y');
- Rhymix\Framework\Config::set('session.use_ssl_cookie', $vars->use_cookie_ssl === 'Y');
 Rhymix\Framework\Config::set('view.minify_scripts', $vars->minify_scripts ?: 'common');
 Rhymix\Framework\Config::set('view.concat_scripts', $vars->concat_scripts ?: 'none');
 Rhymix\Framework\Config::set('view.server_push', $vars->use_server_push === 'Y');
diff --git a/modules/admin/admin.admin.view.php b/modules/admin/admin.admin.view.php
index a60cf4f80..e94be0b2e 100644
--- a/modules/admin/admin.admin.view.php
+++ b/modules/admin/admin.admin.view.php
@@ -540,7 +540,6 @@ class adminAdminView extends admin
 Context::set('delay_session', Rhymix\Framework\Config::get('session.delay'));
 Context::set('use_session_keys', Rhymix\Framework\Config::get('session.use_keys'));
 Context::set('use_session_ssl', Rhymix\Framework\Config::get('session.use_ssl'));
- Context::set('use_cookie_ssl', Rhymix\Framework\Config::get('session.use_ssl_cookie'));
 Context::set('use_db_session', Rhymix\Framework\Config::get('session.use_db'));
 Context::set('minify_scripts', Rhymix\Framework\Config::get('view.minify_scripts'));
 Context::set('concat_scripts', Rhymix\Framework\Config::get('view.concat_scripts'));
@@ -780,7 +779,6 @@ class adminAdminView extends admin
 $info['session.use_db'] = config('session.use_db') ? 'true' : 'false';
 $info['session.use_keys'] = config('session.use_keys') ? 'true' : 'false';
 $info['session.use_ssl'] = config('session.use_ssl') ? 'true' : 'false';
- $info['session.use_ssl_cookie'] = config('session.use_ssl_cookie') ? 'true' : 'false';
 $info['view.concat_scripts'] = config('view.concat_scripts');
 $info['view.minify_scripts'] = config('view.minify_scripts');
 $info['use_rewrite'] = config('use_rewrite') ? 'true' : 'false';
diff --git a/modules/admin/lang/en.php b/modules/admin/lang/en.php
index 3eaace37d..90a41de97 100644
--- a/modules/admin/lang/en.php
+++ b/modules/admin/lang/en.php
@@ -163,8 +163,6 @@ $lang->use_session_keys = 'Use session security keys';
 $lang->about_use_session_keys = 'Use additional security keys to guard against session theft. This setting is highly recommended if you don\'t use SSL-only sessions.
This setting may cause some users to become logged out.';
 $lang->use_session_ssl = 'Use SSL-only session';
 $lang->about_use_session_ssl = 'Prevent the session from being used on non-SSL pages.
This helps improve security if your site always uses SSL and your server is configured to redirect all non-SSL pages to SSL.';
-$lang->use_cookie_ssl = 'Use SSL-only cookie';
-$lang->about_use_cookie_ssl = 'Prevent the cooike from being used on non-SSL pages.
This helps improve security if your site always uses SSL and your server is configured to redirect all non-SSL pages to SSL.';
 $lang->use_object_cache = 'Use Cache';
 $lang->cache_default_ttl = 'Cache default TTL';
 $lang->cache_host = 'Host';
diff --git a/modules/admin/lang/ko.php b/modules/admin/lang/ko.php
index fbbcdc8cb..3eb49cf90 100644
--- a/modules/admin/lang/ko.php
+++ b/modules/admin/lang/ko.php
@@ -164,8 +164,6 @@ $lang->use_session_keys = '세션 보안키 사용';
 $lang->about_use_session_keys = '세션 탈취를 방지하기 위한 보안키를 사용합니다. SSL 전용 세션을 사용하지 않을 경우 반드시 보안키를 사용하시기를 권장합니다.
사용자 환경에 따라 로그인이 풀리는 문제가 발생할 수 있습니다.';
 $lang->use_session_ssl = 'SSL 전용 세션 사용';
 $lang->about_use_session_ssl = '세션을 SSL 전용으로 지정하여 SSL이 아닌 페이지에서 사용할 수 없도록 합니다.
SSL을 항상 사용하고, SSL이 아닌 페이지 방문시 자동으로 SSL 페이지로 리다이렉트되도록 서버가 설정되어 있는 경우
이 옵션을 사용하면 보안이 향상됩니다. (애드온 등을 사용하여 리다이렉트하는 경우 제외)';
-$lang->use_cookie_ssl = 'SSL 전용 쿠키 사용';
-$lang->about_use_cookie_ssl = '쿠키를 SSL 전용으로 지정하여 SSL이 아닌 페이지에서 사용할 수 없도록 합니다.
SSL을 항상 사용하고, SSL이 아닌 페이지 방문시 자동으로 SSL 페이지로 리다이렉트되도록 서버가 설정되어 있는 경우
이 옵션을 사용하면 보안이 향상됩니다. (애드온 등을 사용하여 리다이렉트하는 경우 제외)';
 $lang->use_object_cache = '캐시 사용';
 $lang->cache_default_ttl = '캐시 기본 TTL';
 $lang->cache_host = '호스트';
diff --git a/modules/admin/tpl/config_advanced.html b/modules/admin/tpl/config_advanced.html
index 1a5863e37..0721a3c71 100644
--- a/modules/admin/tpl/config_advanced.html
+++ b/modules/admin/tpl/config_advanced.html
@@ -123,15 +123,6 @@

{$lang->about_use_session_ssl}

-
- -
- - -
-

{$lang->about_use_cookie_ssl}

-
-
diff --git a/widgets/login_info/skins/ncenter_login/js/ncenter.js b/widgets/login_info/skins/ncenter_login/js/ncenter.js
index dfc8eadcf..92b073686 100644
--- a/widgets/login_info/skins/ncenter_login/js/ncenter.js
+++ b/widgets/login_info/skins/ncenter_login/js/ncenter.js
@@ -8,7 +8,7 @@
 dt.setTime(dt.getTime() + (d * 24 * 60 * 60000));
 e = "; expires=" + dt.toGMTString();
 }
- document.cookie = n + "=" + v + e + "; path=/" + ((cookie_ssl) ? ";secure" : "");
+ document.cookie = n + "=" + v + e + "; path=/" + ((enforce_ssl) ? ";secure" : "");
 }
 var n = $('#nc_container');