From f7190c34e1a1ea36bbc81a7dea8dcb7a39cea7cf Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Thu, 30 Jul 2015 23:42:28 +0200
Subject: Minz session cookie path bug https://github.com/FreshRSS/FreshRSS/issues/924#issuecomment-126499403
---
 lib/Minz/Session.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
(limited to 'lib/Minz/Session.php')
diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php
index 058685ada..14a093bf7 100644
--- a/lib/Minz/Session.php
+++ b/lib/Minz/Session.php
@@ -65,10 +65,9 @@ class Minz_Session {
 * @param $l la durée de vie
 */
 public static function keepCookie($l) {
- // Get the script_name (e.g. /p/i/index.php) and keep only the path.
- $cookie_dir = empty($_SERVER['SCRIPT_NAME']) ? '' : $_SERVER['SCRIPT_NAME'];
- $cookie_dir = dirname($cookie_dir);
- session_set_cookie_params($l, $cookie_dir, '', false, true);
+ // Get the script_name (e.g. /p/i/index.php) and keep only the path.
+ $cookie_dir = dirname(empty($_SERVER['REQUEST_URI']) ? '/' : dirname($_SERVER['REQUEST_URI']));
+ session_set_cookie_params($l, $cookie_dir, '', false, false);
 }
--
cgit v1.2.3
From 59daed3d4eca6bf6260a8dc422c54f470895ac63 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Fri, 31 Jul 2015 00:12:55 +0200
Subject: Minz slight change in session cookie path https://github.com/FreshRSS/FreshRSS/issues/924#issuecomment-126499403
---
 lib/Minz/Session.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'lib/Minz/Session.php')
diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php
index 14a093bf7..705aae2ec 100644
--- a/lib/Minz/Session.php
+++ b/lib/Minz/Session.php
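Review bot: In patch f7190c3 the last argument of `session_set_cookie_params()` changes from `true` to `false`, which drops the HttpOnly attribute from the session cookie even though the subject only mentions the cookie path. Without HttpOnly the session id can be read by page script, so a single script-injection flaw anywhere in the application is enough to disclose it. Unless script access to the cookie is actually required, the call should stay `session_set_cookie_params($l, $cookie_dir, '', false, true);`, which is the value patch 189e790 later in this series restores. The comment kept above the assignment still refers to `script_name` although the code now reads `REQUEST_URI`.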
@@ -66,7 +66,10 @@ class Minz_Session {
 */
 public static function keepCookie($l) {
 // Get the script_name (e.g. /p/i/index.php) and keep only the path.
- $cookie_dir = dirname(empty($_SERVER['REQUEST_URI']) ? '/' : dirname($_SERVER['REQUEST_URI']));
+ $cookie_dir = empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI'];
+ if (substr($cookie_dir, -1) !== '/') {
+ $cookie_dir = dirname($cookie_dir) . '/';
+ }
 session_set_cookie_params($l, $cookie_dir, '', false, false);
 }
--
cgit v1.2.3
From 760ec5f223c4a18c8e8c8f3ecdf6b7140aa70611 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Fri, 31 Jul 2015 00:17:32 +0200
Subject: Whitespace
---
 lib/Minz/Session.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'lib/Minz/Session.php')
diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php
index 705aae2ec..de671f173 100644
--- a/lib/Minz/Session.php
+++ b/lib/Minz/Session.php
@@ -65,12 +65,12 @@ class Minz_Session {
 * @param $l la durée de vie
 */
 public static function keepCookie($l) {
- // Get the script_name (e.g. /p/i/index.php) and keep only the path.
- $cookie_dir = empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI'];
- if (substr($cookie_dir, -1) !== '/') {
- $cookie_dir = dirname($cookie_dir) . '/';
- }
- session_set_cookie_params($l, $cookie_dir, '', false, false);
+ // Get the script_name (e.g. /p/i/index.php) and keep only the path.
+ $cookie_dir = empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI'];
+ if (substr($cookie_dir, -1) !== '/') {
+ $cookie_dir = dirname($cookie_dir) . '/';
+ }
+ session_set_cookie_params($l, $cookie_dir, '', false, false);
 }
--
cgit v1.2.3
From 189e790f32d4e389cf1dc6da669a579717fff436 Mon Sep 17 00:00:00 2001
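Review bot: `$_SERVER['REQUEST_URI']` includes the query string, so in patch 59daed3 the `substr`/`dirname` logic runs over client-supplied query text as well as the path, and a URI whose query contains or ends with `/` yields a cookie path that includes part of the query. Separately, for a script at the web root `dirname('/index.php') . '/'` evaluates to `//`. In both cases the browser would probably not send the session cookie back on the next request, so the session appears lost. I would cut the URI at `?` before the trailing-slash test and trim the separator that `dirname()` returns, as sketched below. The retained comment should also name `REQUEST_URI` instead of `script_name`.

```php
$cookie_dir = empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI'];
// Drop the query string: only the path component belongs in the cookie path.
$query_pos = strpos($cookie_dir, '?');
if ($query_pos !== false) {
	$cookie_dir = substr($cookie_dir, 0, $query_pos);
}
if (substr($cookie_dir, -1) !== '/') {
	// dirname() already returns the root separator for a top-level script; avoid '//'.
	$cookie_dir = rtrim(dirname($cookie_dir), '/\\') . '/';
}
// … unchanged: session_set_cookie_params() call …
```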
From: Alexandre Alapetite
Date: Fri, 31 Jul 2015 11:26:57 +0200
Subject: Minz cookie session httpOnly https://github.com/FreshRSS/FreshRSS/issues/924 https://github.com/FreshRSS/FreshRSS/pull/936/files#r35948311
---
 lib/Minz/Session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/Minz/Session.php')
diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php
index de671f173..057e7746a 100644
--- a/lib/Minz/Session.php
+++ b/lib/Minz/Session.php
@@ -70,7 +70,7 @@ class Minz_Session {
 if (substr($cookie_dir, -1) !== '/') {
 $cookie_dir = dirname($cookie_dir) . '/';
 }
- session_set_cookie_params($l, $cookie_dir, '', false, false);
+ session_set_cookie_params($l, $cookie_dir, '', false, true);
 }
--
cgit v1.2.3
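Review bot: The fourth argument of `session_set_cookie_params()` (`secure`) is still the literal `false` on the changed line in patch 189e790, so the session cookie is also sent over plain HTTP when the site is served over HTTPS. It could be derived from the request, for example `$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';`, with `$secure` passed in place of `false`. A deployment behind a TLS-terminating proxy would need its own signal for this. keepCookie() starts above this hunk, so the initial assignment of `$cookie_dir` is not visible here.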