authorNicolas Lœuillet <nicolas.loeuillet@gmail.com>2014-03-02 08:38:26 +0100
committerNicolas Lœuillet <nicolas.loeuillet@gmail.com>2014-03-02 08:38:26 +0100
commit71b0d53c5e5d44a928870f7c98beac7b34199ba0 (patch)
tree90ccb7f96cf3219ef77217edfc7de47fde4fde58
parent11c680f97aa07b48f33e264effb2975d6ca31a0c (diff)
[fix] #115 cookie lifetime was empty
-rw-r--r--inc/3rdparty/Session.class.php13
-rw-r--r--index.php1
2 files changed, 10 insertions, 4 deletions
diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php
index b30a31f3..599b68cd 100644
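--- a/inc/3rdparty/Session.class.php
+++ b/inc/3rdparty/Session.class.php
@@ -33,7 +33,7 @@ class Session
 // his/her session is considered expired (3600 sec. = 1 hour)
 public static $inactivityTimeout = 86400;
 // Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours)
-public static $longSessionTimeout = 31536000;
+public static $longSessionTimeout = 604800; // 604800 = a week
 // If you get disconnected often or if your IP address changes often.
 // Let you disable session cookie hijacking protection
 public static $disableSessionProtection = false;
@@ -61,7 +61,7 @@ class Session
 if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
 $ssl = true;
 }
-session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['HTTP_HOST'], $ssl);
+session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl);
 // Use cookies to store session.
 ini_set('session.use_cookies', 1);
 // Force cookies for session (phpsessionID forbidden in URL)
@@ -143,7 +143,14 @@ class Session
 */
 public static function logout()
 {
-unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']);
+// unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']);
+
+// Destruction du cookie (le code peut paraître complexe mais c'est pour être certain de reprendre les mêmes paramètres)
+$args = array_merge(array(session_name(), ''), array_values(session_get_cookie_params()));
+$args[2] = time() - 3600;
+call_user_func_array('setcookie', $args);
+// Suppression physique de la session
+session_destroy();
 }
 
 /**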
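Review bot: The rewritten `session_set_cookie_params` call (new line 64) gives every session cookie the one-week `$longSessionTimeout` lifetime, not only sessions where the user asked to stay logged in, so the cookie survives browser restarts on shared machines. The `(if enabled)` comment above the property suggests the long lifetime was meant to be opt-in, and that comment still reads "82800 sec. = 23 hours" next to the new value. The call also stops at the `secure` argument and leaves HttpOnly at the ini default; passing it explicitly, `session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);`, keeps the session id out of reach of page scripts. In `logout()`, with the `unset` commented out, `session_destroy()` does not empty `$_SESSION` for the rest of the request, so adding `$_SESSION = array();` before it would avoid later code in the same request still seeing a logged-in user. The function containing the cookie call starts and ends outside its hunk.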
diff --git a/index.php b/index.php
index 9f5d0ade..06ab7d3c 100644
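--- a/index.php
+++ b/index.php
@@ -11,7 +11,6 @@
 define ('POCHE', '1.5.3');
 require 'check_setup.php';
 require_once 'inc/poche/global.inc.php';
-session_start();
 
 # Start Poche
 $poche = new Poche();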