From 71b0d53c5e5d44a928870f7c98beac7b34199ba0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= Date: Sun, 2 Mar 2014 08:38:26 +0100 Subject: [fix] #115 cookie lifetime was empty --- inc/3rdparty/Session.class.php | 13 ++++++++++--- index.php | 1 - 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php index b30a31f3..599b68cd 100644 --- a/inc/3rdparty/Session.class.php +++ b/inc/3rdparty/Session.class.php @@ -33,7 +33,7 @@ class Session // his/her session is considered expired (3600 sec. = 1 hour) public static $inactivityTimeout = 86400; // Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours) - public static $longSessionTimeout = 31536000; + public static $longSessionTimeout = 604800; // 604800 = a week // If you get disconnected often or if your IP address changes often. // Let you disable session cookie hijacking protection public static $disableSessionProtection = false; @@ -61,7 +61,7 @@ class Session if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") { $ssl = true; } - session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['HTTP_HOST'], $ssl); + session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl); // Use cookies to store session. ini_set('session.use_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL) @@ -143,7 +143,14 @@ class Session */ public static function logout() { - unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']); + // unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']); + + // Destruction du cookie (le code peut paraître complexe mais c'est pour être certain de reprendre les mêmes paramètres) + $args = array_merge(array(session_name(), ''), array_values(session_get_cookie_params())); + $args[2] = time() - 3600; + call_user_func_array('setcookie', $args); + // Suppression physique de la session + session_destroy(); } /** diff --git a/index.php b/index.php index 9f5d0ade..06ab7d3c 100644 --- a/index.php +++ b/index.php @@ -11,7 +11,6 @@ define ('POCHE', '1.5.3'); require 'check_setup.php'; require_once 'inc/poche/global.inc.php'; -session_start(); # Start Poche $poche = new Poche(); -- cgit v1.2.3