Reapir login cookies and session

2020-10-26 09:44:59 +01:00 · 2020-10-26 09:44:59 +01:00 · e2c16072b9
commit e2c16072b9
parent c7e18d6959
3 changed files with 15 additions and 8 deletions
--- a/app/Bootstrap.php
+++ b/app/Bootstrap.php
@ -4,11 +4,18 @@ error_reporting(E_ALL);
 ini_set( 'display_errors','1');
 //setup
-ini_set ('session.cookie_httponly', '1');
+session_set_cookie_params(
    1209600,
    str_replace('login', "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI'])),
    str_replace("/var/www/", "", $_SERVER['DOCUMENT_ROOT']),
    true,
    true
 );
 /*ini_set ('session.cookie_httponly', '1');
 ini_set('session.cookie_domain', $_SERVER['HTTP_HOST']);
-ini_set('session.cookie_path', str_replace("login", "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI'])));
+ini_set('session.cookie_path', str_replace('login', "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI'])));
 ini_set('session.cookie_secure', '1');
-ini_set('session.gc_maxlifetime', 1209600);
+ini_set('session.gc_maxlifetime', 1209600);*/
 mb_internal_encoding ("UTF-8");
 session_start();
--- a/app/models/managers/UserManager.php
+++ b/app/models/managers/UserManager.php
@ -44,6 +44,7 @@ class UserManager
 	public static function login ($username, $password, $rememberMe) {
 		try {
 			if ($user = Db::loadOne ('SELECT * FROM users WHERE (LOWER(username)=LOWER(?) OR LOWER(email)=LOWER(?))', array ($username, $username))) {
 				var_dump($user);
 				if ($user['password'] == UserManager::getHashPassword($password)) {
 					if (isset($rememberMe) && $rememberMe == 'true') {
 						setcookie ("rememberMe", self::setEncryptedCookie($user['username']), time () + (30 * 24 * 60 * 60 * 1000), BASEDIR, $_SERVER['HTTP_HOST'], 1);
@ -96,11 +97,9 @@ class UserManager
 	public static function logout () {
 		unset($_SESSION['user']);
 		session_destroy();
 		if (isset($_COOKIE['rememberMe'])){
 		unset($_COOKIE['rememberMe']);
-			setcookie("rememberMe", 'false', time(), BASEDIR, $_SERVER['HTTP_HOST']);
+		setcookie("rememberMe", 'false', 0 - time(), BASEDIR, $_SERVER['HTTP_HOST']);
-		}
+		session_destroy();
 	}
 	public static function setEncryptedCookie($value){
--- a/public/js/setting.js
+++ b/public/js/setting.js
@ -1,3 +1,4 @@
 navigator.permissions.query({name:'notifications'}).then(function(result) {
    var element = document.getElementById("notifications");
    if (result.state === 'granted') {
@ -45,7 +46,7 @@ $( "button[name='deactivateOta']" ).click(function(){
        url: 'ajax',
        type: 'POST',
        data: {
-            "ota" : 'X',
+            "ota": 'X',
            "action": 'disable'
        },
        success: function(data){