[pLog-svn] r1012 - plog/trunk/class/net/http/session

oscar at devel.plogworld.net oscar at devel.plogworld.net
Tue Feb 8 22:55:57 GMT 2005 

Author: oscar
Date: 2005-02-08 22:55:57 +0000 (Tue, 08 Feb 2005)
New Revision: 1012

Modified:
   plog/trunk/class/net/http/session/sessionmanager.class.php
Log:
enabled the code that sets the domain in the session cookie, but needed to add a workaround for top-level domains such as 'localhost' (in fact, no domain is set in the cookie in those cases)

Modified: plog/trunk/class/net/http/session/sessionmanager.class.php
===================================================================
--- plog/trunk/class/net/http/session/sessionmanager.class.php	2005-02-08 22:41:09 UTC (rev 1011)
+++ plog/trunk/class/net/http/session/sessionmanager.class.php	2005-02-08 22:55:57 UTC (rev 1012)
@@ -3,6 +3,7 @@
 	include_once( PLOG_CLASS_PATH."class/object/object.class.php" );
     include_once( PLOG_CLASS_PATH."class/net/http/httpvars.class.php" );
 	include_once( PLOG_CLASS_PATH."class/net/http/session/sessioninfo.class.php" );
+	include_once( PLOG_CLASS_PATH."class/config/config.class.php" );
 	
 	/**
 	 * @package session
@@ -25,7 +26,7 @@
 		{
 			// this needs to be done before the session is started
 			SessionManager::setSessionCookiePath();
-			//SessionManager::setSessionCookieDomain();
+			SessionManager::setSessionCookieDomain();
 		
 			//session_cache_limiter( "public" );
 			session_name( "plog_session" );
@@ -72,13 +73,19 @@
 		 */
 		function setSessionCookieDomain()
 		{
-			$server = HttpVars::getServer();
-			$domain = $server["HTTP_HOST"];
-
-			$log =& LoggerManager::getLogger();
-			$log->debug("cookie domain = $domain");			
+			$scriptUrl = HttpVars::getBaseUrl();
+			$url = new Url( $scriptUrl );
+			$domain = $url->getHost();
 			
-			ini_set( "session.cookie_domain", $domain );
+			// this won't work for top level domains and domains such as
+			// 'localhost' or internal domains for obvious security reasons...
+			// See comments in http://fi.php.net/manual/en/function.session-set-cookie-params.php
+			if( count(explode($domain, '.')) > 1 ) {
+				$log =& LoggerManager::getLogger();
+				$log->debug("cookie domain = $domain");			
+			
+				ini_set( "session.cookie_domain", $domain );
+			}
 		}
 	}
 ?>

More information about the pLog-svn mailing list