Destroy conflicting cookies before, not after, setting own cookie

Kijin Sung 2023-07-24 02:57:08 +09:00
parent 8cf68ec9f1
commit 899f65981d


@ -455,8 +455,8 @@ class Session
// Refresh the main session cookie. // Refresh the main session cookie.
if ($refresh_cookie) if ($refresh_cookie)
{ {
self::_setCookie(session_name(), session_id(), $options);
self::destroyCookiesFromConflictingDomains(array(session_name())); self::destroyCookiesFromConflictingDomains(array(session_name()));
self::_setCookie(session_name(), session_id(), $options);
} }
return true; return true;
@ -500,12 +500,12 @@ class Session
// Delete all cookies. // Delete all cookies.
self::destroyAutologinKeys(); self::destroyAutologinKeys();
self::destroyCookiesFromConflictingDomains(array('xe_logged', 'rx_login_status', 'xeak', 'sso'));
self::_unsetCookie(session_name(), $path, $domain); self::_unsetCookie(session_name(), $path, $domain);
self::_unsetCookie('xe_logged', $path, $domain); self::_unsetCookie('xe_logged', $path, $domain);
self::_unsetCookie('rx_login_status', $path, $domain); self::_unsetCookie('rx_login_status', $path, $domain);
self::_unsetCookie('xeak', $path, $domain); self::_unsetCookie('xeak', $path, $domain);
self::_unsetCookie('sso', $path, $domain); self::_unsetCookie('sso', $path, $domain);
self::destroyCookiesFromConflictingDomains(array('xe_logged', 'rx_login_status', 'xeak', 'sso'));
// Clear session data. // Clear session data.
$_SESSION = array(); $_SESSION = array();
@ -1172,6 +1172,7 @@ class Session
if ($autologin_key && $security_key) if ($autologin_key && $security_key)
{ {
$_SESSION['RHYMIX']['autologin_key'] = $autologin_key . $security_key; $_SESSION['RHYMIX']['autologin_key'] = $autologin_key . $security_key;
self::destroyCookiesFromConflictingDomains(array('rx_autologin'));
self::_setCookie('rx_autologin', $autologin_key . $security_key, array( self::_setCookie('rx_autologin', $autologin_key . $security_key, array(
'expires' => $lifetime, 'expires' => $lifetime,
'path' => $path, 'path' => $path,
@ -1181,7 +1182,6 @@ class Session
'samesite' => $samesite, 'samesite' => $samesite,
)); ));
self::destroyCookiesFromConflictingDomains(array('rx_autologin'));
return true; return true;
} }
else else
@ -1213,8 +1213,8 @@ class Session
} }
// Delete the autologin cookie. // Delete the autologin cookie.
self::_unsetCookie('rx_autologin', $path, $domain);
self::destroyCookiesFromConflictingDomains(array('rx_autologin')); self::destroyCookiesFromConflictingDomains(array('rx_autologin'));
self::_unsetCookie('rx_autologin', $path, $domain);
unset($_COOKIE['rx_autologin']); unset($_COOKIE['rx_autologin']);
return $result; return $result;
} }
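Review bot: The reordered calls in the `@ -455` hunk now depend on `destroyCookiesFromConflictingDomains()` running before `_setCookie()`, but nothing at the call site records why, so a later cleanup could swap them back; a why-comment above the destroy call would pin it, e.g. `// Destroy conflicting-domain copies first: a Set-Cookie for an overlapping name/domain/path emitted after ours would replace the cookie we just set (confirm against that helper's Set-Cookie output).` The same comment belongs above the `rx_autologin` destroy call in the `@ -1172` hunk. Separately, the list passed to `destroyCookiesFromConflictingDomains()` in the `@ -500` hunk omits `session_name()` even though the refresh path in the `@ -455` hunk includes it; if that is not deliberate, a stale session cookie set on a conflicting domain would survive this destroy path and keep being sent by the browser. The enclosing methods begin and end outside these hunks.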