mirror of https://we.phorge.it/source/phorge.git synced 2025-01-18 18:51:12 +01:00

Remove 4-way cookie purge logic

Summary: HPHP has behavioral differences from PHP which make this logic
problematic and we provide a good error message to users when there's a cookie
issue now, so unsplit the cookie logic and just clear the same cookie we'd
otherwise set, as per ssl / base domain.

Test Plan: Logged in and out of my local install.

Reviewers: jungejason

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: 876
epriestley 2011-08-30 16:41:18 -07:00
parent 701bf8317f
commit 0996697810


@ -204,33 +204,16 @@ class AphrontRequest {
$expire = time() + (60 * 60 * 24 * 365 * 5);
}
if ($value == '') {
// NOTE: If we're clearing the cookie, also clear it on the entire
// domain and both HTTP/HTTPS versions. This allows us to clear older
// cookies which we didn't scope as tightly. Eventually we could remove
// this, although it doesn't really hurt us. Basically, we're just making
// really sure that cookies get cleared when we try to clear them.
$secure_options = array(true, false);
$domain_options = array('', $base_domain);
} else {
// Otherwise, when setting cookies, set only one tightly-scoped cookie.
$is_secure = ($base_protocol == 'https');
$secure_options = array($is_secure);
$domain_options = array($base_domain);
}
$is_secure = ($base_protocol == 'https');
foreach ($secure_options as $cookie_secure) {
foreach ($domain_options as $cookie_domain) {
setcookie(
$name,
$value,
$expire,
$path = '/',
$cookie_domain,
$cookie_secure,
$http_only = true);
}
}
setcookie(
$name,
$value,
$expire,
$path = '/',
$base_domain,
$is_secure,
$http_only = true);
}
final public function setUser($user) {
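Review bot: The clearing path through the new single `setcookie(...)` call only removes a cookie whose domain and secure flag match `$base_domain` and `$is_secure`, so a cookie issued earlier under a different scope (host-only domain, or before a switch between HTTP and HTTPS) stays in the browser after logout. If logout does not also invalidate the session on the server, which is not visible in this hunk, that leftover cookie may remain usable, so it is worth confirming that session teardown does not depend on the browser dropping the cookie. I would also record the limitation above the call, e.g. `// NOTE: Clearing only affects the cookie scoped to $base_domain and $is_secure; cookies set under an older scope persist until they expire.` The enclosing method starts before the hunk, so how `$base_domain` and `$base_protocol` are derived cannot be checked here.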