Navigation

← Previous Changeset
Next Changeset →

Changeset 17696

Timestamp:

09/25/08 15:59:50 (2 months ago)

Author:

rambo

Message:

use "secure" cookies by default on SSL, simplify cookie setting since we only support PHP5 now and it has saner setcookie

Files:

branches/MidCOM_2_8/midcom.core/midcom/config/midcom_config.php (modified) (2 diffs)
branches/MidCOM_2_8/midcom.core/midcom/services/auth/backend/simple.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

branches/MidCOM_2_8/midcom.core/midcom/config/midcom_config.php

r17502	r17696
74	74	* <b>Authentication Backend configuration: "simple"</b>
75	75	*
	76	* - <b>auth_backend_simple_cookie_secure:</b> Set the "secure" flag on cookie, defaults to true, applies only when actually using SSL/TLS
76	77	* - <b>auth_backend_simple_cookie_id:</b> The ID appended to the cookie prefix, separating
77	78	* auth cookies for different sites. Defaults to the GUID of the current host.
…	…
340	341	$GLOBALS['midcom_config_default']['auth_backend_simple_cookie_path'] = $_MIDGARD['self'];
341	342	$GLOBALS['midcom_config_default']['auth_backend_simple_cookie_domain'] = null;
	343	$GLOBALS['midcom_config_default']['auth_backend_simple_cookie_secure'] = true; // set secure flag on cookie (applies only when using SSL)
342	344
343	345	// Cache configuration

branches/MidCOM_2_8/midcom.core/midcom/services/auth/backend/simple.php

r15511	r17696
132	132	function _set_cookie()
133	133	{
134		if ($GLOBALS['midcom_config']['auth_backend_simple_cookie_domain'])
	134	$secure_cookie = false;
	135	if ( isset($_SERVER['HTTPS'])
	136	&& !empty($_SERVER['HTTPS'])
	137	&& $GLOBALS['midcom_config']['auth_backend_simple_cookie_secure'])
135	138	{
136		setcookie
137		(
138		$this->_cookie_id,
139		"{$this->session_id}-{$this->user->id}",
140		0,
141		$GLOBALS['midcom_config']['auth_backend_simple_cookie_path'],
142		$GLOBALS['midcom_config']['auth_backend_simple_cookie_domain']
143		);
	139	$secure_cookie = true;
144	140	}
145		else
146		{
147		setcookie
148		(
149		$this->_cookie_id,
150		"{$this->session_id}-{$this->user->id}",
151		0,
152		$GLOBALS['midcom_config']['auth_backend_simple_cookie_path']
153		);
154		}
	141	setcookie
	142	(
	143	$this->_cookie_id,
	144	"{$this->session_id}-{$this->user->id}",
	145	0,
	146	$GLOBALS['midcom_config']['auth_backend_simple_cookie_path'],
	147	$GLOBALS['midcom_config']['auth_backend_simple_cookie_domain'],
	148	$secure_cookie
	149	);
155	150	}
156	151
…	…
161	156	function _delete_cookie()
162	157	{
163		if ($GLOBALS['midcom_config']['auth_backend_simple_cookie_domain'])
164		{
165		setcookie
166		(
167		$this->_cookie_id,
168		false,
169		0,
170		$GLOBALS['midcom_config']['auth_backend_simple_cookie_path'],
171		$GLOBALS['midcom_config']['auth_backend_simple_cookie_domain']
172		);
173		}
174		else
175		{
176		setcookie
177		(
178		$this->_cookie_id,
179		false,
180		0,
181		$GLOBALS['midcom_config']['auth_backend_simple_cookie_path']
182		);
183		}
	158	setcookie
	159	(
	160	$this->_cookie_id,
	161	false,
	162	0,
	163	$GLOBALS['midcom_config']['auth_backend_simple_cookie_path'],
	164	$GLOBALS['midcom_config']['auth_backend_simple_cookie_domain']
	165	);
184	166	}
185	167

Navigation

Changeset 17696

Legend:

branches/MidCOM_2_8/midcom.core/midcom/config/midcom_config.php

branches/MidCOM_2_8/midcom.core/midcom/services/auth/backend/simple.php

Download in other formats: