1
0
mirror of https://github.com/moparisthebest/wallabag synced 2024-11-30 12:52:24 -05:00

[fix] #115 cookie lifetime was empty

This commit is contained in:
Nicolas Lœuillet 2014-03-02 08:38:26 +01:00
parent 11c680f97a
commit 71b0d53c5e
2 changed files with 10 additions and 4 deletions

View File

@ -33,7 +33,7 @@ class Session
// his/her session is considered expired (3600 sec. = 1 hour) // his/her session is considered expired (3600 sec. = 1 hour)
public static $inactivityTimeout = 86400; public static $inactivityTimeout = 86400;
// Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours) // Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours)
public static $longSessionTimeout = 31536000; public static $longSessionTimeout = 604800; // 604800 = a week
// If you get disconnected often or if your IP address changes often. // If you get disconnected often or if your IP address changes often.
// Let you disable session cookie hijacking protection // Let you disable session cookie hijacking protection
public static $disableSessionProtection = false; public static $disableSessionProtection = false;
@ -61,7 +61,7 @@ class Session
if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") { if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
$ssl = true; $ssl = true;
} }
session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['HTTP_HOST'], $ssl); session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl);
// Use cookies to store session. // Use cookies to store session.
ini_set('session.use_cookies', 1); ini_set('session.use_cookies', 1);
// Force cookies for session (phpsessionID forbidden in URL) // Force cookies for session (phpsessionID forbidden in URL)
@ -143,7 +143,14 @@ class Session
*/ */
public static function logout() public static function logout()
{ {
unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']); // unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']);
// Destruction du cookie (le code peut paraître complexe mais c'est pour être certain de reprendre les mêmes paramètres)
$args = array_merge(array(session_name(), ''), array_values(session_get_cookie_params()));
$args[2] = time() - 3600;
call_user_func_array('setcookie', $args);
// Suppression physique de la session
session_destroy();
} }
/** /**

View File

@ -11,7 +11,6 @@
define ('POCHE', '1.5.3'); define ('POCHE', '1.5.3');
require 'check_setup.php'; require 'check_setup.php';
require_once 'inc/poche/global.inc.php'; require_once 'inc/poche/global.inc.php';
session_start();
# Start Poche # Start Poche
$poche = new Poche(); $poche = new Poche();