mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-08 11:11:39 +09:00
Clean conflicting cookies from current host if needed
This commit is contained in:
Kijin Sung
parent
efc0d55f98
commit
d0df41d232
1 changed files with 23 additions and 11 deletions
|
|
@ -89,8 +89,11 @@ class Session
|
||||||
session_id($_POST[$session_name]);
|
session_id($_POST[$session_name]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check if the session cookie already exists.
|
||||||
|
$cookie_exists = isset($_COOKIE[$session_name]);
|
||||||
|
|
||||||
// Abort if using delayed session.
|
// Abort if using delayed session.
|
||||||
if(Config::get('session.delay') && !$force && !isset($_COOKIE[$session_name]))
|
if(!$cookie_exists && !$force && Config::get('session.delay'))
|
||||||
{
|
{
|
||||||
$_SESSION = array();
|
$_SESSION = array();
|
||||||
return false;
|
return false;
|
||||||
|
|
@ -198,6 +201,13 @@ class Session
|
||||||
$must_refresh = false;
|
$must_refresh = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If this is a new session, remove conflicting cookies.
|
||||||
|
if ($domain === null && !isset($_SESSION['conflict_clean']))
|
||||||
|
{
|
||||||
|
self::destroyCookiesFromConflictingDomains(array(session_name(), 'rx_autologin', 'rx_sesskey1', 'rx_sesskey2'), true);
|
||||||
|
$_SESSION['conflict_clean'] = true;
|
||||||
|
}
|
||||||
|
|
||||||
// Create or refresh the session if needed.
|
// Create or refresh the session if needed.
|
||||||
if ($must_create)
|
if ($must_create)
|
||||||
{
|
{
|
||||||
|
|
@ -505,7 +515,7 @@ class Session
|
||||||
setcookie('xe_logged', 'deleted', time() - 86400, $path, $domain, false, false);
|
setcookie('xe_logged', 'deleted', time() - 86400, $path, $domain, false, false);
|
||||||
setcookie('xeak', 'deleted', time() - 86400, $path, $domain, false, false);
|
setcookie('xeak', 'deleted', time() - 86400, $path, $domain, false, false);
|
||||||
setcookie('sso', 'deleted', time() - 86400, $path, $domain, false, false);
|
setcookie('sso', 'deleted', time() - 86400, $path, $domain, false, false);
|
||||||
self::destroyCookiesFromConflictingDomains(array('xe_logged', 'xeak', 'sso'));
|
self::destroyCookiesFromConflictingDomains(array('xe_logged', 'xeak', 'sso'), $domain === null);
|
||||||
unset($_COOKIE[session_name()]);
|
unset($_COOKIE[session_name()]);
|
||||||
unset($_COOKIE['rx_autologin']);
|
unset($_COOKIE['rx_autologin']);
|
||||||
unset($_COOKIE['rx_sesskey1']);
|
unset($_COOKIE['rx_sesskey1']);
|
||||||
|
|
@ -1101,7 +1111,7 @@ class Session
|
||||||
}
|
}
|
||||||
|
|
||||||
// Delete conflicting domain cookies.
|
// Delete conflicting domain cookies.
|
||||||
self::destroyCookiesFromConflictingDomains(array(session_name(), 'rx_autologin', 'rx_sesskey1', 'rx_sesskey2'));
|
self::destroyCookiesFromConflictingDomains(array(session_name(), 'rx_autologin', 'rx_sesskey1', 'rx_sesskey2'), $domain === null);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1123,7 +1133,7 @@ class Session
|
||||||
if ($autologin_key && $security_key)
|
if ($autologin_key && $security_key)
|
||||||
{
|
{
|
||||||
setcookie('rx_autologin', $autologin_key . $security_key, $lifetime, $path, $domain, $ssl_only, true);
|
setcookie('rx_autologin', $autologin_key . $security_key, $lifetime, $path, $domain, $ssl_only, true);
|
||||||
self::destroyCookiesFromConflictingDomains(array('rx_autologin'));
|
self::destroyCookiesFromConflictingDomains(array('rx_autologin'), $domain === null);
|
||||||
$_COOKIE['rx_autologin'] = $autologin_key . $security_key;
|
$_COOKIE['rx_autologin'] = $autologin_key . $security_key;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
@ -1157,7 +1167,7 @@ class Session
|
||||||
|
|
||||||
// Delete the autologin cookie.
|
// Delete the autologin cookie.
|
||||||
setcookie('rx_autologin', 'deleted', time() - 86400, $path, $domain, false, false);
|
setcookie('rx_autologin', 'deleted', time() - 86400, $path, $domain, false, false);
|
||||||
self::destroyCookiesFromConflictingDomains(array('rx_autologin'));
|
self::destroyCookiesFromConflictingDomains(array('rx_autologin'), $domain === null);
|
||||||
unset($_COOKIE['rx_autologin']);
|
unset($_COOKIE['rx_autologin']);
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
@ -1207,25 +1217,27 @@ class Session
|
||||||
* Destroy cookies from potentially conflicting domains.
|
* Destroy cookies from potentially conflicting domains.
|
||||||
*
|
*
|
||||||
* @param array $cookies
|
* @param array $cookies
|
||||||
|
* @param bool $include_current_host (optional)
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public static function destroyCookiesFromConflictingDomains(array $cookies)
|
public static function destroyCookiesFromConflictingDomains(array $cookies, $include_current_host = false)
|
||||||
{
|
{
|
||||||
static $conflict_domains = null;
|
$conflict_domains = config('session.conflict_domains') ?: array();
|
||||||
if ($conflict_domains === null)
|
if ($include_current_host)
|
||||||
{
|
{
|
||||||
$conflict_domains = config('session.conflict_domains') ?: array();
|
$conflict_domains[] = '.' . preg_replace('/:\\d+$/', '', strtolower($_SERVER['HTTP_HOST']));
|
||||||
}
|
}
|
||||||
if (!count($conflict_domains))
|
if (!count($conflict_domains))
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
list($lifetime, $refresh_interval, $domain, $path) = self::_getParams();
|
||||||
foreach ($cookies as $cookie)
|
foreach ($cookies as $cookie)
|
||||||
{
|
{
|
||||||
foreach ($conflict_domains as $domain)
|
foreach ($conflict_domains as $conflict_domain)
|
||||||
{
|
{
|
||||||
setcookie($cookie, 'deleted', time() - 86400, $path, $domain);
|
setcookie($cookie, 'deleted', time() - 86400, $path, $conflict_domain);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue