author | Nicolas Lœuillet <nicolas.loeuillet@gmail.com> | 2014-03-02 08:38:26 +0100 |
---|---|---|
committer | Nicolas Lœuillet <nicolas.loeuillet@gmail.com> | 2014-03-02 08:38:26 +0100 |
commit | 71b0d53c5e5d44a928870f7c98beac7b34199ba0 (patch) | |
tree | 90ccb7f96cf3219ef77217edfc7de47fde4fde58 /inc/3rdparty/Session.class.php | |
parent | 11c680f97aa07b48f33e264effb2975d6ca31a0c (diff) | |
[fix] #115 cookie lifetime was empty
Diffstat (limited to 'inc/3rdparty/Session.class.php')
-rw-r--r-- | inc/3rdparty/Session.class.php | 13 |
1 files changed, 10 insertions, 3 deletions
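--- a/inc/3rdparty/Session.class.php
+++ b/inc/3rdparty/Session.class.php
@@ -33,7 +33,7 @@ class Session
 // his/her session is considered expired (3600 sec. = 1 hour)
 public static $inactivityTimeout = 86400;
 // Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours)
-public static $longSessionTimeout = 31536000;
+public static $longSessionTimeout = 604800; // 604800 = a week
 // If you get disconnected often or if your IP address changes often.
 // Let you disable session cookie hijacking protection
 public static $disableSessionProtection = false;
@@ -61,7 +61,7 @@ class Session
 if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
 $ssl = true;
 }
-session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['HTTP_HOST'], $ssl);
+session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl);
 // Use cookies to store session.
 ini_set('session.use_cookies', 1);
 // Force cookies for session (phpsessionID forbidden in URL)
@@ -143,7 +143,14 @@ class Session
 */
 public static function logout()
 {
-unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']);
+// unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']);
+
+// Destruction du cookie (le code peut paraître complexe mais c'est pour être certain de reprendre les mêmes paramètres)
+$args = array_merge(array(session_name(), ''), array_values(session_get_cookie_params()));
+$args[2] = time() - 3600;
+call_user_func_array('setcookie', $args);
+// Suppression physique de la session
+session_destroy();
 }
 
 /**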
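Review bot: logout() now leaves `$_SESSION` populated for the rest of the request, because the `unset(...)` at new line 146 is commented out and `session_destroy()` deletes the stored session data without clearing the superglobal. Any login check that reads `$_SESSION['uid']` or `$_SESSION['expires_on']` later in the same request would still see the old values, so put `$_SESSION = array();` before `session_destroy();` and delete the commented-out line instead of keeping it as dead code. The cookie removal at new lines 149-151 also depends on the positional order and number of entries returned by `session_get_cookie_params()` (PHP 7.3 added a `samesite` key, which would hand `setcookie` one argument too many). Reading the entries by name is sturdier: `$p = session_get_cookie_params(); setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`.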