From fbffbe0170d4a47cdefaaf99a3dfa4008de0f886 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Sat, 6 Apr 2013 00:16:52 +0200 Subject: [PATCH] Juse send the cookies in the ownCloud directory --- lib/base.php | 5 ++++- lib/user.php | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/base.php b/lib/base.php index 76ad0654ed..dde994a7e5 100644 --- a/lib/base.php +++ b/lib/base.php @@ -323,6 +323,9 @@ class OC { // prevents javascript from accessing php session cookies ini_set('session.cookie_httponly', '1;'); + // set the cookie path to the ownCloud directory + ini_set('session.cookie_path', OC::$WEBROOT); + // set the session name to the instance id - which is unique session_name(OC_Util::getInstanceId()); @@ -354,7 +357,7 @@ class OC { // session timeout if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 60*60*24)) { if (isset($_COOKIE[session_name()])) { - setcookie(session_name(), '', time() - 42000, '/'); + setcookie(session_name(), '', time() - 42000, OC::$WEBROOT); } session_unset(); session_destroy(); diff --git a/lib/user.php b/lib/user.php index 33e2526817..b19af94079 100644 --- a/lib/user.php +++ b/lib/user.php @@ -633,9 +633,9 @@ class OC_User { public static function setMagicInCookie($username, $token) { $secure_cookie = OC_Config::getValue("forcessl", false); $expires = time() + OC_Config::getValue('remember_login_cookie_lifetime', 60*60*24*15); - setcookie("oc_username", $username, $expires, '', '', $secure_cookie); - setcookie("oc_token", $token, $expires, '', '', $secure_cookie, true); - setcookie("oc_remember_login", true, $expires, '', '', $secure_cookie); + setcookie("oc_username", $username, $expires, OC::$WEBROOT, '', $secure_cookie); + setcookie("oc_token", $token, $expires, OC::$WEBROOT, '', $secure_cookie, true); + setcookie("oc_remember_login", true, $expires, OC::$WEBROOT, '', $secure_cookie); } /**