- Fixed a session bug where cookie was rewriting session's cookie with a bad session_id
parent
56194034f8
commit
e62ef28035
|
@ -40,7 +40,8 @@ class Cookie {
|
|||
?bool $secure = null,
|
||||
?bool $httponly = null,
|
||||
?string $samesite = null,
|
||||
?bool $raw = false
|
||||
?bool $raw = false,
|
||||
?bool $skipHash = false
|
||||
) {
|
||||
if ( headers_sent() ) {
|
||||
return false;
|
||||
|
@ -59,27 +60,26 @@ class Cookie {
|
|||
'samesite' => $this->options['samesite'] ?? ( $samesite ?: "" ),
|
||||
];
|
||||
|
||||
if ( $value ) {
|
||||
if ( $value && ! $skipHash ) {
|
||||
$value = sha1($this->secureHash . $value . $this->secureHash) . "|$value";
|
||||
}
|
||||
|
||||
return $raw ? setrawcookie($name, $value ?: "", $options) : setcookie($name, $value ?: "", $options);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Fetch a cookie value, using the Input library.
|
||||
* @param string cookie name
|
||||
* @param mixed default value
|
||||
* @return string
|
||||
*/
|
||||
public function get(string $key, $default = null)
|
||||
public function get(string $key, $default = null, $skipHash = false)
|
||||
{
|
||||
if ( ! $this->has($key) ) {
|
||||
return $default;
|
||||
}
|
||||
|
||||
if ( $this->secureHash ) {
|
||||
if ( $this->secureHash && ! $skipHash ) {
|
||||
list($hash, $value) = explode('|', $_COOKIE[$key], 2);
|
||||
|
||||
if (! $this->isSecure($hash, $value)) {
|
||||
|
@ -111,7 +111,7 @@ class Cookie {
|
|||
|
||||
unset( $_COOKIE[$name] );
|
||||
|
||||
return $this->set($name, '', -86400, $path ?: ( $this->options['path'] ?? "" ), $domain ?: ( $this->options['domain'] ?? "" ), $this->options['secure'] ?? false, $this->options['httponly'] ?? false);
|
||||
return $this->set($name, '', -86400, $path ?: ( $this->options['path'] ?? "" ), $domain ?: ( $this->options['domain'] ?? "" ), $this->options['secure'] ?? false, $this->options['httponly'] ?? false, null, false, true);
|
||||
}
|
||||
|
||||
public function isSecure($hash, $value) : bool
|
||||
|
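Review bot: The new `$skipHash` argument on `get()` is untyped and undocumented, and when it is true the `secureHash` check is skipped, so the method presumably returns whatever the client sent in `$_COOKIE[$key]` without verification. Declare it as `bool $skipHash = false` (and use `bool` rather than `?bool` on `set()`), and extend the docblock with a line such as `@param bool $skipHash return the cookie without verifying its hash; the value is then unauthenticated client input`. In `delete()` the added trailing `null, false, true` looks redundant, because the empty `$value` already fails the `$value && ! $skipHash` test and is never hashed. The bodies of `set()` and `get()` begin or end outside the visible hunks, so the unsigned return path itself is not shown here.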
|
|
@ -4,7 +4,7 @@ namespace Storage;
|
|||
|
||||
use session_name, session_id, session_start, session_destroy, session_save_path,
|
||||
session_regenerate_id, session_cache_limiter, session_get_cookie_params,
|
||||
session_set_cookie_params, session_status, time, array_key_exists;
|
||||
session_set_cookie_params, session_status, session_write_close, time, array_key_exists;
|
||||
|
||||
class Session
|
||||
{
|
||||
|
@ -54,17 +54,19 @@ class Session
|
|||
|
||||
if ( version_compare(PHP_VERSION, '7.3.0') >= 0 ) {
|
||||
session_set_cookie_params($params);
|
||||
# var_dump($params); die();
|
||||
}
|
||||
else {
|
||||
session_set_cookie_params( ...array_values(array_slice($params, 0, 5)) );
|
||||
}
|
||||
|
||||
|
||||
session_name($options['name']);
|
||||
session_cache_limiter($options['cache_limiter'] ?? 'nocache');
|
||||
session_start();
|
||||
|
||||
# Reset timeout after session started
|
||||
$cookie->set(session_name(), session_id(), time() + $params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly'], $params['samesite']);
|
||||
}
|
||||
|
||||
public static function stop() {
|
||||
session_write_close();
|
||||
}
|
||||
|
||||
public static function regenerate()
|
||||
|
|
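Review bot: `stop()` has no return type or docblock, and its name can be read as ending the session, while its body only calls `session_write_close()`, which writes the data and closes the session for this request but leaves the session id and its cookie valid. Suggest `public static function stop(): void` with a comment such as `/** Flush and close the session for this request; does not destroy it or invalidate the session id. */` so it is not mistaken for a logout. The commented-out `# var_dump($params); die();` in the same hunk looks like debugging residue and could be dropped. The page has lost its +/- markers, so which of these lines are new is inferred from the hunk counts.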