[pLog-svn] r1012 - plog/trunk/class/net/http/session
oscar at devel.plogworld.net
oscar at devel.plogworld.net
Tue Feb 8 22:55:57 GMT 2005
Author: oscar
Date: 2005-02-08 22:55:57 +0000 (Tue, 08 Feb 2005)
New Revision: 1012
Modified:
plog/trunk/class/net/http/session/sessionmanager.class.php
Log:
enabled the code that sets the domain in the session cookie, but needed to add a workaround for top-level domains such as 'localhost' (in fact, no domain is set in the cookie in those cases)
Modified: plog/trunk/class/net/http/session/sessionmanager.class.php
===================================================================
--- plog/trunk/class/net/http/session/sessionmanager.class.php 2005-02-08 22:41:09 UTC (rev 1011)
+++ plog/trunk/class/net/http/session/sessionmanager.class.php 2005-02-08 22:55:57 UTC (rev 1012)
@@ -3,6 +3,7 @@
include_once( PLOG_CLASS_PATH."class/object/object.class.php" );
include_once( PLOG_CLASS_PATH."class/net/http/httpvars.class.php" );
include_once( PLOG_CLASS_PATH."class/net/http/session/sessioninfo.class.php" );
+ include_once( PLOG_CLASS_PATH."class/config/config.class.php" );
/**
* @package session
@@ -25,7 +26,7 @@
{
// this needs to be done before the session is started
SessionManager::setSessionCookiePath();
- //SessionManager::setSessionCookieDomain();
+ SessionManager::setSessionCookieDomain();
//session_cache_limiter( "public" );
session_name( "plog_session" );
@@ -72,13 +73,19 @@
*/
function setSessionCookieDomain()
{
- $server = HttpVars::getServer();
- $domain = $server["HTTP_HOST"];
-
- $log =& LoggerManager::getLogger();
- $log->debug("cookie domain = $domain");
+ $scriptUrl = HttpVars::getBaseUrl();
+ $url = new Url( $scriptUrl );
+ $domain = $url->getHost();
- ini_set( "session.cookie_domain", $domain );
+ // this won't work for top level domains and domains such as
+ // 'localhost' or internal domains for obvious security reasons...
+ // See comments in http://fi.php.net/manual/en/function.session-set-cookie-params.php
+ if( count(explode($domain, '.')) > 1 ) {
+ $log =& LoggerManager::getLogger();
+ $log->debug("cookie domain = $domain");
+
+ ini_set( "session.cookie_domain", $domain );
+ }
}
}
?>
More information about the pLog-svn
mailing list