Remove 4-way cookie purge logic
Summary: HPHP has behavioral differences from PHP which make this logic problematic and we provide a good error message to users when there's a cookie issue now, so unsplit the cookie logic and just clear the same cookie we'd otherwise set, as per ssl / base domain. Test Plan: Logged in and out of my local install. Reviewers: jungejason Reviewed By: jungejason CC: aran, jungejason Differential Revision: 876
parent
701bf8317f
commit
0996697810
1 changed files with 9 additions and 26 deletions
|
@ -204,34 +204,17 @@ class AphrontRequest {
|
|||
$expire = time() + (60 * 60 * 24 * 365 * 5);
|
||||
}
|
||||
|
||||
if ($value == '') {
|
||||
// NOTE: If we're clearing the cookie, also clear it on the entire
|
||||
// domain and both HTTP/HTTPS versions. This allows us to clear older
|
||||
// cookies which we didn't scope as tightly. Eventually we could remove
|
||||
// this, although it doesn't really hurt us. Basically, we're just making
|
||||
// really sure that cookies get cleared when we try to clear them.
|
||||
$secure_options = array(true, false);
|
||||
$domain_options = array('', $base_domain);
|
||||
} else {
|
||||
// Otherwise, when setting cookies, set only one tightly-scoped cookie.
|
||||
$is_secure = ($base_protocol == 'https');
|
||||
$secure_options = array($is_secure);
|
||||
$domain_options = array($base_domain);
|
||||
}
|
||||
|
||||
foreach ($secure_options as $cookie_secure) {
|
||||
foreach ($domain_options as $cookie_domain) {
|
||||
setcookie(
|
||||
$name,
|
||||
$value,
|
||||
$expire,
|
||||
$path = '/',
|
||||
$cookie_domain,
|
||||
$cookie_secure,
|
||||
$base_domain,
|
||||
$is_secure,
|
||||
$http_only = true);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
final public function setUser($user) {
|
||||
$this->user = $user;
|
||||
|
|
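Review bot: With the clearing branch gone, the single `setcookie()` call (the one that appears to pass `$base_domain` and `$is_secure`) can only expire a cookie whose Domain and Secure attributes match the current configuration, so a cookie issued earlier as host-only, or under the other protocol, stays in the browser after logout or after the base domain or protocol changes. That is acceptable only if logout also invalidates the session record on the server, which is not visible in this hunk and should be confirmed. I would keep the reasoning next to the call, e.g. `// NOTE: Clearing only expires the cookie scoped to $base_domain and the current Secure flag; differently scoped legacy cookies are left alone, so logout must invalidate the session server-side.` The +/- markers are lost on this page, so which argument lines are new is inferred, and the enclosing method starts above the hunk.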