1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 22:10:55 +01:00

Remove 4-way cookie purge logic

Summary: HPHP has behaviorial differences from PHP which make this logic
problematic and we provide a good error message to users when there's a cookie
issue now, so unsplit the cookie logic and just clear the same cookie we'd
otherwise set, as per ssl / base domain.

Test Plan: Logged in and out of my local install.

Reviewers: jungejason

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: 876
This commit is contained in:
epriestley 2011-08-30 16:41:18 -07:00
parent 701bf8317f
commit 0996697810

View file

@ -204,34 +204,17 @@ class AphrontRequest {
$expire = time() + (60 * 60 * 24 * 365 * 5); $expire = time() + (60 * 60 * 24 * 365 * 5);
} }
if ($value == '') {
// NOTE: If we're clearing the cookie, also clear it on the entire
// domain and both HTTP/HTTPS versions. This allows us to clear older
// cookies which we didn't scope as tightly. Eventually we could remove
// this, although it doesn't really hurt us. Basically, we're just making
// really sure that cookies get cleared when we try to clear them.
$secure_options = array(true, false);
$domain_options = array('', $base_domain);
} else {
// Otherwise, when setting cookies, set only one tightly-scoped cookie.
$is_secure = ($base_protocol == 'https'); $is_secure = ($base_protocol == 'https');
$secure_options = array($is_secure);
$domain_options = array($base_domain);
}
foreach ($secure_options as $cookie_secure) {
foreach ($domain_options as $cookie_domain) {
setcookie( setcookie(
$name, $name,
$value, $value,
$expire, $expire,
$path = '/', $path = '/',
$cookie_domain, $base_domain,
$cookie_secure, $is_secure,
$http_only = true); $http_only = true);
} }
}
}
final public function setUser($user) { final public function setUser($user) {
$this->user = $user; $this->user = $user;