mirror/php-auth
1
0
Fork 0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-03 14:47:30 +02:00
Code Issues Releases Wiki Activity

Support empty path scope for cookies to restrict to current directory

Browse Source
This commit is contained in:
Marco
2017-10-20 08:47:56 +02:00
parent ecd8015acf
commit 2cf7b27ba3
2 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Migration.md
View File

@@ -54,6 +54,14 @@ $ composer update delight-im/auth
Then the domain scope for [one of the cookies](#cookies) used by this library has changed. To make your application work correctly with the new scope, [rename the cookies](#renaming-the-librarys-cookies) used by this library in order to prevent conflicts with old cookies that have been created previously. Renaming the cookies is critically important here. We recommend a versioned name such as `session_v1` for the session cookie.
* If the directive `session.cookie_path` is set to an empty value, then the path scope for [one of the cookies](#cookies) used by this library has changed. To make your application work correctly with the new scope, [rename the cookies](#renaming-the-librarys-cookies) used by this library in order to prevent conflicts with old cookies that have been created previously. Renaming the cookies is critically important here. We recommend a versioned name such as `session_v1` for the session cookie.
The directive may have been set directly in your [PHP configuration](http://php.net/manual/en/configuration.file.php) (`php.ini`), via the `\ini_set` method or via the `\session_set_cookie_params` method. You can check the value of that directive by executing the following statement somewhere in your application:
```php
\var_dump(\ini_get('session.cookie_path'));
```
## From `v5.x.x` to `v6.x.x`
* The database schema has changed.

8
src/Auth.php
View File

@@ -453,9 +453,7 @@ final class Auth extends UserManager {
$cookie->setValue($content);
$cookie->setExpiryTime($expires);
if (!empty($params['path'])) {
$cookie->setPath($params['path']);
}
$cookie->setPath($params['path']);
$cookie->setDomain($params['domain']);
$cookie->setHttpOnly($params['httponly']);
@@ -545,9 +543,7 @@ final class Auth extends UserManager {
// cause the session cookie to be deleted
$cookie = new Cookie(\session_name());
if (!empty($params['path'])) {
$cookie->setPath($params['path']);
}
$cookie->setPath($params['path']);
$cookie->setDomain($params['domain']);
$cookie->setHttpOnly($params['httponly']);