From 411e16771a253bf039880cd0684d109c31349b08 Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Fri, 19 Aug 2011 15:18:55 -0700
Subject: [PATCH] Make detection/recovery for bad cookies more strict

Summary: When a user has bad cookies, try to clear everything and tell them they
might need to manually clear things.

Test Plan: Added "&& false" to the valid branch and got the exception message.

Reviewers: jungejason

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: 839
---
 .../base/controller/base/PhabricatorController.php            | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/applications/base/controller/base/PhabricatorController.php b/src/applications/base/controller/base/PhabricatorController.php
index d372c4c3ad..4a46e0eea0 100644
--- a/src/applications/base/controller/base/PhabricatorController.php
+++ b/src/applications/base/controller/base/PhabricatorController.php
@@ -52,7 +52,11 @@ abstract class PhabricatorController extends AphrontController {
         $user->loadFromArray($info);
       } else {
         // The session cookie is invalid, so clear it.
+        $request->clearCookie('phusr');
         $request->clearCookie('phsid');
+        throw new Exception(
+          "Your login session is invalid. Try logging in again. If that ".
+          "doesn't work, clear your browser cookies.");
       }
     }