tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

FIX Absolute alternate_base_url no longer breaks session cookies

Browse Source
This commit is contained in:
Daniel Hensby 2016-10-04 14:21:32 +01:00
parent f2d3026e93
commit 6dde5ce571
No known key found for this signature in database
GPG Key ID: B00D1E9767F0B06E
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
control/Session.php
View File

@ -359,6 +359,15 @@ class Session {
$path = Config::inst()->get('Session', 'cookie_path'); $path = Config::inst()->get('Session', 'cookie_path');
if(!$path) $path = Director::baseURL(); if(!$path) $path = Director::baseURL();
$domain = Config::inst()->get('Session', 'cookie_domain'); $domain = Config::inst()->get('Session', 'cookie_domain');
// Director::baseURL can return absolute domain names - this extracts the relevant parts
// for the session otherwise we can get broken session cookies
if (Director::is_absolute_url($path)) {
$urlParts = parse_url($path);
$path = $urlParts['path'];
if (!$domain) {
$domain = $urlParts['host'];
}
}
$secure = Director::is_https() && Config::inst()->get('Session', 'cookie_secure'); $secure = Director::is_https() && Config::inst()->get('Session', 'cookie_secure');
$session_path = Config::inst()->get('Session', 'session_store_path'); $session_path = Config::inst()->get('Session', 'session_store_path');
$timeout = Config::inst()->get('Session', 'timeout'); $timeout = Config::inst()->get('Session', 'timeout');