From: Zach Prezkuta Date: Mon, 24 Dec 2012 19:52:49 +0000 (-0700) Subject: delete cookie on browser close after logout X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=f0f8d0f6870f9f46c8e54caeeadb7e49d89b92d7;p=friendica.git delete cookie on browser close after logout --- diff --git a/include/auth.php b/include/auth.php index b534d4a4d3..4c695cc1e3 100644 --- a/include/auth.php +++ b/include/auth.php @@ -5,6 +5,8 @@ require_once('include/security.php'); require_once('include/datetime.php'); function nuke_session() { + new_cookie(0); // make sure cookie is deleted on browser close, as a security measure + unset($_SESSION['authenticated']); unset($_SESSION['uid']); unset($_SESSION['visitor_id']); @@ -187,18 +189,10 @@ else { // (i.e. expire when the browser is closed), even when there's a time expiration // on the cookie if($_POST['remember']) { - $old_sid = session_id(); - session_set_cookie_params('31449600'); // one year - session_regenerate_id(false); - - q("UPDATE session SET sid = '%s' WHERE sid = '%s'", dbesc(session_id()), dbesc($old_sid)); + new_cookie(31449600); // one year } else { - $old_sid = session_id(); - session_set_cookie_params('0'); - session_regenerate_id(false); - - q("UPDATE session SET sid = '%s' WHERE sid = '%s'", dbesc(session_id()), dbesc($old_sid)); + new_cookie(0); // 0 means delete on browser exit } // if we haven't failed up this point, log them in. @@ -208,4 +202,10 @@ else { } } +function new_cookie($time) { + $old_sid = session_id(); + session_set_cookie_params("$time"); + session_regenerate_id(false); + q("UPDATE session SET sid = '%s' WHERE sid = '%s'", dbesc(session_id()), dbesc($old_sid)); +}