* true: Force setting the secure attribute when setting the cookie
* false: Force NOT setting the secure attribute when setting the cookie
* null (default): Use the default ($wgCookieSecure) to set the secure attribute
+ * @param array $params Array of options sent passed to WebResponse::setcookie()
*/
- protected function setCookie( $name, $value, $exp = 0, $secure = null ) {
- $this->getRequest()->response()->setcookie( $name, $value, $exp, array(
- 'secure' => $secure,
- ) );
+ protected function setCookie( $name, $value, $exp = 0, $secure = null, $params = array() ) {
+ $params['secure'] = $secure;
+ $this->getRequest()->response()->setcookie( $name, $value, $exp, $params );
}
/**
* Clear a cookie on the user's client
* @param string $name Name of the cookie to clear
+ * @param bool $secure
+ * true: Force setting the secure attribute when setting the cookie
+ * false: Force NOT setting the secure attribute when setting the cookie
+ * null (default): Use the default ($wgCookieSecure) to set the secure attribute
+ * @param array $params Array of options sent passed to WebResponse::setcookie()
*/
- protected function clearCookie( $name ) {
- $this->setCookie( $name, '', time() - 86400 );
+ protected function clearCookie( $name, $secure = null, $params = array() ) {
+ $this->setCookie( $name, '', time() - 86400, $secure, $params );
}
/**
/**
* If wpStickHTTPS was selected, also set an insecure cookie that
* will cause the site to redirect the user to HTTPS, if they access
- * it over HTTP. Bug 29898.
+ * it over HTTP. Bug 29898. Use an un-prefixed cookie, so it's the same
+ * as the one set by centralauth (bug 53538). Also set it to session, or
+ * standard time setting, based on if rememberme was set.
*/
if ( $request->getCheck( 'wpStickHTTPS' ) || $this->requiresHTTPS() ) {
- $this->setCookie( 'forceHTTPS', 'true', time() + 2592000, false ); //30 days
+ $time = null;
+ if ( ( 1 == $this->getOption( 'rememberpassword' ) ) ) {
+ $time = 0; // set to $wgCookieExpiration
+ }
+ $this->setCookie(
+ 'forceHTTPS',
+ 'true',
+ $time,
+ false,
+ array( 'prefix' => '' ) // no prefix
+ );
}
}
$this->clearCookie( 'UserID' );
$this->clearCookie( 'Token' );
- $this->clearCookie( 'forceHTTPS' );
+ $this->clearCookie( 'forceHTTPS', false, array( 'prefix' => '' ) );
// Remember when user logged out, to prevent seeing cached pages
$this->setCookie( 'LoggedOut', time(), time() + 86400 );
dépôts / lhc / web / wiklou.git / commitdiff