From 0996697810d8efa261ec2cdb2c3858da145c9623 Mon Sep 17 00:00:00 2001
From: epriestley
Date: Tue, 30 Aug 2011 16:41:18 -0700
Subject: [PATCH] Remove 4-way cookie purge logic Summary: HPHP has behaviorial differences from PHP which make this logic problematic and we provide a good error message to users when there's a cookie issue now, so unsplit the cookie logic and just clear the same cookie we'd otherwise set, as per ssl / base domain. Test Plan: Logged in and out of my local install. Reviewers: jungejason Reviewed By: jungejason CC: aran, jungejason Differential Revision: 876
---
src/aphront/request/AphrontRequest.php | 35 +++++++-------------------
1 file changed, 9 insertions(+), 26 deletions(-)
diff --git a/src/aphront/request/AphrontRequest.php b/src/aphront/request/AphrontRequest.php
index 25eb1fb677..d00efc6b60 100644
--- a/src/aphront/request/AphrontRequest.php
+++ b/src/aphront/request/AphrontRequest.php
@@ -204,33 +204,16 @@ class AphrontRequest {
 $expire = time() + (60 * 60 * 24 * 365 * 5);
 }
 
- if ($value == '') {
- // NOTE: If we're clearing the cookie, also clear it on the entire
- // domain and both HTTP/HTTPS versions. This allows us to clear older
- // cookies which we didn't scope as tightly. Eventually we could remove
- // this, although it doesn't really hurt us. Basically, we're just making
- // really sure that cookies get cleared when we try to clear them.
- $secure_options = array(true, false);
- $domain_options = array('', $base_domain);
- } else {
- // Otherwise, when setting cookies, set only one tightly-scoped cookie.
- $is_secure = ($base_protocol == 'https');
- $secure_options = array($is_secure);
- $domain_options = array($base_domain);
- }
+ $is_secure = ($base_protocol == 'https');
 
- foreach ($secure_options as $cookie_secure) {
- foreach ($domain_options as $cookie_domain) {
- setcookie(
- $name,
- $value,
- $expire,
- $path = '/',
- $cookie_domain,
- $cookie_secure,
- $http_only = true);
- }
- }
+ setcookie(
+ $name,
+ $value,
+ $expire,
+ $path = '/',
+ $base_domain,
+ $is_secure,
+ $http_only = true);
 }
 
 final public function setUser($user) {
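Review bot: The single `setcookie()` call now clears only the cookie whose domain and Secure attributes match `$base_domain` and `$is_secure`, and nothing in the new code records that limit. A cookie issued earlier under a different scope (host-only domain, or the other HTTP/HTTPS variant) stays in the browser after a clear, so logout must not depend on the client dropping it. Whether the session is also invalidated server-side is not visible in this hunk and is worth confirming. I would add a comment above the call such as `// NOTE: Clearing only removes the cookie with this exact domain/secure scope; cookies set under another scope are left in place.` The enclosing method starts outside the hunk, so how `$base_domain` and `$base_protocol` are derived cannot be checked from here.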