mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #13340 from owncloud/use-http-only 

Use "HTTPOnly" for cookies when logging out
This commit is contained in:
Lukas Reschke 2015-02-24 13:50:49 +01:00
parent 65dcbccee0 a2e355a7fe
commit 276824299c
1 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
lib/private/user/session.php
View File

@ -285,27 +285,30 @@ class Session implements IUserSession, Emitter {
* @param string $token
*/
public function setMagicInCookie($username, $token) {
$secure_cookie = \OC_Config::getValue("forcessl", false); //TODO: DI for cookies and OC_Config
$secureCookie = \OC_Config::getValue("forcessl", false); //TODO: DI for cookies and OC_Config
$expires = time() + \OC_Config::getValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
setcookie("oc_username", $username, $expires, \OC::$WEBROOT, '', $secure_cookie);
setcookie("oc_token", $token, $expires, \OC::$WEBROOT, '', $secure_cookie, true);
setcookie("oc_remember_login", "1", $expires, \OC::$WEBROOT, '', $secure_cookie);
setcookie("oc_username", $username, $expires, \OC::$WEBROOT, '', $secureCookie, true);
setcookie("oc_token", $token, $expires, \OC::$WEBROOT, '', $secureCookie, true);
setcookie("oc_remember_login", "1", $expires, \OC::$WEBROOT, '', $secureCookie, true);
}
/**
* Remove cookie for "remember username"
*/
public function unsetMagicInCookie() {
//TODO: DI for cookies and OC_Config
$secureCookie = \OC_Config::getValue('forcessl', false);
unset($_COOKIE["oc_username"]); //TODO: DI
unset($_COOKIE["oc_token"]);
unset($_COOKIE["oc_remember_login"]);
setcookie('oc_username', '', time() - 3600, \OC::$WEBROOT);
setcookie('oc_token', '', time() - 3600, \OC::$WEBROOT);
setcookie('oc_remember_login', '', time() - 3600, \OC::$WEBROOT);
setcookie('oc_username', '', time() - 3600, \OC::$WEBROOT, '',$secureCookie, true);
setcookie('oc_token', '', time() - 3600, \OC::$WEBROOT, '', $secureCookie, true);
setcookie('oc_remember_login', '', time() - 3600, \OC::$WEBROOT, '', $secureCookie, true);
// old cookies might be stored under /webroot/ instead of /webroot
// and Firefox doesn't like it!
setcookie('oc_username', '', time() - 3600, \OC::$WEBROOT . '/');
setcookie('oc_token', '', time() - 3600, \OC::$WEBROOT . '/');
setcookie('oc_remember_login', '', time() - 3600, \OC::$WEBROOT . '/');
setcookie('oc_username', '', time() - 3600, \OC::$WEBROOT . '/', '', $secureCookie, true);
setcookie('oc_token', '', time() - 3600, \OC::$WEBROOT . '/', '', $secureCookie, true);
setcookie('oc_remember_login', '', time() - 3600, \OC::$WEBROOT . '/', '', $secureCookie, true);
}
}