mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge pull request #10022 from xini/fix-session-destroy
take current request protocol into account when deleting session cookie
This commit is contained in:
commit
83b458ff59
@ -245,7 +245,7 @@ class Session
|
||||
*/
|
||||
public function restart(HTTPRequest $request)
|
||||
{
|
||||
$this->destroy();
|
||||
$this->destroy(true, $request);
|
||||
$this->start($request);
|
||||
}
|
||||
|
||||
@ -358,14 +358,18 @@ class Session
|
||||
* Destroy this session
|
||||
*
|
||||
* @param bool $removeCookie
|
||||
* @param HTTPRequest $request The request for which to destroy a session
|
||||
*/
|
||||
public function destroy($removeCookie = true)
|
||||
public function destroy($removeCookie = true, HTTPRequest $request = null)
|
||||
{
|
||||
if (session_id()) {
|
||||
if ($removeCookie) {
|
||||
if (!$request) {
|
||||
$request = Controller::curr()->getRequest();
|
||||
}
|
||||
$path = $this->config()->get('cookie_path') ?: Director::baseURL();
|
||||
$domain = $this->config()->get('cookie_domain');
|
||||
$secure = $this->config()->get('cookie_secure');
|
||||
$secure = Director::is_https($request) && $this->config()->get('cookie_secure');
|
||||
Cookie::force_expiry(session_name(), $path, $domain, $secure, true);
|
||||
}
|
||||
session_destroy();
|
||||
|
@ -112,6 +112,6 @@ class SessionAuthenticationHandler implements AuthenticationHandler
|
||||
public function logOut(HTTPRequest $request = null)
|
||||
{
|
||||
$request = $request ?: Controller::curr()->getRequest();
|
||||
$request->getSession()->destroy();
|
||||
$request->getSession()->destroy(true, $request);
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user