mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-05 07:37:25 +02:00

Change name of 'remember me' cookie to be dependent on session name

Marco
2017-10-19 01:44:19 +02:00
parent a4b68167a1
commit 8165e8917b


@@ -30,7 +30,6 @@ final class Auth extends UserManager {
const SESSION_FIELD_REMEMBERED = 'auth_remembered'; const SESSION_FIELD_REMEMBERED = 'auth_remembered';
const COOKIE_PREFIXES = [ '__Secure-', '__Host-' ]; const COOKIE_PREFIXES = [ '__Secure-', '__Host-' ];
const COOKIE_CONTENT_SEPARATOR = '~'; const COOKIE_CONTENT_SEPARATOR = '~';
const COOKIE_NAME_REMEMBER = 'auth_remember';
/** @var boolean whether HTTPS (TLS/SSL) will be used (recommended) */ /** @var boolean whether HTTPS (TLS/SSL) will be used (recommended) */
private $useHttps; private $useHttps;
@@ -38,6 +37,8 @@ final class Auth extends UserManager {
private $allowCookiesScriptAccess; private $allowCookiesScriptAccess;
/** @var string the user's current IP address */ /** @var string the user's current IP address */
private $ipAddress; private $ipAddress;
/** @var string the name of the cookie used for the 'remember me' feature */
private $rememberCookieName;
/** /**
* @param PdoDatabase|PdoDsn|\PDO $databaseConnection the database connection to operate on * @param PdoDatabase|PdoDsn|\PDO $databaseConnection the database connection to operate on
@@ -52,6 +53,7 @@ final class Auth extends UserManager {
$this->useHttps = $useHttps; $this->useHttps = $useHttps;
$this->allowCookiesScriptAccess = $allowCookiesScriptAccess; $this->allowCookiesScriptAccess = $allowCookiesScriptAccess;
$this->ipAddress = !empty($ipAddress) ? $ipAddress : (isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null); $this->ipAddress = !empty($ipAddress) ? $ipAddress : (isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null);
$this->rememberCookieName = self::createRememberCookieName();
$this->initSession(); $this->initSession();
$this->enhanceHttpSecurity(); $this->enhanceHttpSecurity();
@@ -101,9 +103,10 @@ final class Auth extends UserManager {
// if the user is not signed in yet // if the user is not signed in yet
if (!$this->isLoggedIn()) { if (!$this->isLoggedIn()) {
// if a remember cookie is set // if a remember cookie is set
if (isset($_COOKIE[self::COOKIE_NAME_REMEMBER])) { if (isset($_COOKIE[$this->rememberCookieName])) {
// split the cookie's content into selector and token // split the cookie's content into selector and token
$parts = \explode(self::COOKIE_CONTENT_SEPARATOR, $_COOKIE[self::COOKIE_NAME_REMEMBER], 2); $parts = \explode(self::COOKIE_CONTENT_SEPARATOR, $_COOKIE[$this->rememberCookieName], 2);
// if both selector and token were found // if both selector and token were found
if (isset($parts[0]) && isset($parts[1])) { if (isset($parts[0]) && isset($parts[1])) {
try { try {
@@ -424,7 +427,7 @@ final class Auth extends UserManager {
// set the cookie with the selector and token // set the cookie with the selector and token
$cookie = new Cookie(self::COOKIE_NAME_REMEMBER); $cookie = new Cookie($this->rememberCookieName);
$cookie->setValue($content); $cookie->setValue($content);
$cookie->setExpiryTime($expires); $cookie->setExpiryTime($expires);