Remove 4-way cookie purge logic

Summary: HPHP has behaviorial differences from PHP which make this logic
problematic and we provide a good error message to users when there's a cookie
issue now, so unsplit the cookie logic and just clear the same cookie we'd
otherwise set, as per ssl / base domain.

Test Plan: Logged in and out of my local install.

Reviewers: jungejason

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: 876

src/aphront/request/AphrontRequest.php

@@ -204,33 +204,16 @@ class AphrontRequest {
       $expire = time() + (60 * 60 * 24 * 365 * 5);
     }
 
-    if ($value == '') {
+    $is_secure = ($base_protocol == 'https');
-      // NOTE: If we're clearing the cookie, also clear it on the entire
-      // domain and both HTTP/HTTPS versions. This allows us to clear older
-      // cookies which we didn't scope as tightly. Eventually we could remove
-      // this, although it doesn't really hurt us. Basically, we're just making
-      // really sure that cookies get cleared when we try to clear them.
-      $secure_options = array(true, false);
-      $domain_options = array('', $base_domain);
-    } else {
-      // Otherwise, when setting cookies, set only one tightly-scoped cookie.
-      $is_secure = ($base_protocol == 'https');
-      $secure_options = array($is_secure);
-      $domain_options = array($base_domain);
-    }
 
-    foreach ($secure_options as $cookie_secure) {
+    setcookie(
-      foreach ($domain_options as $cookie_domain) {
+      $name,
-        setcookie(
+      $value,
-          $name,
+      $expire,
-          $value,
+      $path = '/',
-          $expire,
+      $base_domain,
-          $path = '/',
+      $is_secure,
-          $cookie_domain,
+      $http_only = true);
-          $cookie_secure,
-          $http_only = true);
-      }
-    }
   }
 
   final public function setUser($user) {