Use Cookie class to control session and member-related cookies, too

2026-01-04 01:01:41 +09:00 · 2023-10-24 23:09:50 +09:00 · 2023-10-24 23:09:50 +09:00 · 8d2b7101f4
commit 8d2b7101f4
parent a3cde9c109
3 changed files with 11 additions and 45 deletions
--- a/common/framework/Session.php
+++ b/common/framework/Session.php
@ -235,7 +235,7 @@ class Session
 		if (!isset($_COOKIE['rx_login_status']) || $_COOKIE['rx_login_status'] !== $value)
 		{
 			list($lifetime, $refresh_interval, $domain, $path, $secure, $httponly, $samesite) = self::_getParams();
-			self::_setCookie('rx_login_status', $value, array(
+			Cookie::set('rx_login_status', $value, array(
 				'expires' => 0,
 				'path' => $path,
 				'domain' => $domain,
@ -277,7 +277,7 @@ class Session
 		if(!$is_default_domain && !\Context::get('sso_response') && $_COOKIE['sso'] !== md5($current_domain))
 		{
 			// Set sso cookie to prevent multiple simultaneous SSO validation requests.
-			self::_setCookie('sso', md5($current_domain), array(
+			Cookie::set('sso', md5($current_domain), array(
 				'expires' => 0,
 				'path' => '/',
 				'domain' => null,
@ -439,7 +439,7 @@ class Session
 		if ($refresh_cookie)
 		{
 			self::destroyCookiesFromConflictingDomains(array(session_name()));
-			self::_setCookie(session_name(), session_id(), $options);
+			Cookie::set(session_name(), session_id(), $options);
 			if (self::$_autologin_key = self::_getAutologinKey())
 			{
 				self::setAutologinKeys(substr(self::$_autologin_key, 0, 24), substr(self::$_autologin_key, 24, 24));
@ -1079,45 +1079,6 @@ class Session
 		}
 	}
 	/**
 	 * Set cookie (for compatibility with PHP < 7.3)
 	 *
 	 * @param string $name
 	 * @param string $value
 	 * @param array $options
 	 * @return bool
 	 */
 	protected static function _setCookie(string $name, string $value, array $options = []): bool
 	{
 		$name = strval($name);
 		$value = strval($value);
 		if (PHP_VERSION_ID >= 70300)
 		{
 			$result = setcookie($name, $value, $options);
 		}
 		else
 		{
 			$expires = $options['expires'] ?? 0;
 			$path = $options['path'] ?? null;
 			$domain = $options['domain'] ?? null;
 			$secure = $options['secure'] ?? null;
 			$httponly = $options['httponly'] ?? null;
 			$samesite = $options['samesite'] ?? '';
 			if ($samesite)
 			{
 				$path = ($path ?: '/') . '; SameSite=' . $samesite;
 			}
 			$result = setcookie($name, $value, $expires, $path, $domain, $secure, $httponly);
 		}
 		if ($result)
 		{
 			$_COOKIE[$name] = $value;
 		}
 		return $result;
 	}
 	/**
 	 * Unset cookie.
 	 *
@ -1155,7 +1116,7 @@ class Session
 		{
 			$_SESSION['RHYMIX']['autologin_key'] = $autologin_key . $security_key;
 			self::destroyCookiesFromConflictingDomains(array('rx_autologin'));
-			self::_setCookie('rx_autologin', $autologin_key . $security_key, array(
+			Cookie::set('rx_autologin', $autologin_key . $security_key, array(
 				'expires' => $lifetime,
 				'path' => $path,
 				'domain' => $domain,
--- a/modules/member/controllers/Device.php
+++ b/modules/member/controllers/Device.php
@ -2,6 +2,8 @@
 namespace Rhymix\Modules\Member\Controllers;
 use Rhymix\Framework\Cookie;
 class Device extends \Member
 {
 	/**
@ -412,7 +414,10 @@ class Device extends \Member
 		}
 		else
 		{
-			setcookie('device_key', $member_srl . ':' . $device_key, time() + 60, \RX_BASEURL, null, !!config('session.use_ssl_cookies'), true);
+			Cookie::set('device_key', $member_srl . ':' . $device_key, [
 				'expires' => time() + 60,
 				'httponly' => true,
 			]);
 		}
 	}
 }
--- a/modules/ncenterlite/ncenterlite.controller.php
+++ b/modules/ncenterlite/ncenterlite.controller.php
@ -1122,7 +1122,7 @@ class NcenterliteController extends Ncenterlite
 		}
 		if(!empty($_COOKIE['_ncenterlite_hide_id']))
 		{
-			setcookie('_ncenterlite_hide_id', '', 0, '/');
+			Rhymix\Framework\Cookie::remove('_ncenterlite_hide_id', ['path' => '/']);
 		}
 		$oMemberModel = getModel('member');