From 9642c7171c217c44bc9859fa428f454a544c8c91 Mon Sep 17 00:00:00 2001
From: Sam Minnee <sam@silverstripe.com>
Date: Mon, 12 Oct 2009 03:27:41 +0000
Subject: [PATCH] ENHANCEMENT: Added Member::set_login_marker_cookie(), to let
 developers bypass static caching for logged-in users (from r73803)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@88635 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 security/Member.php | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/security/Member.php b/security/Member.php
index 047632da1..0668b6853 100644
--- a/security/Member.php
+++ b/security/Member.php
@@ -92,6 +92,35 @@ class Member extends DataObject {
 
 	protected static $lock_out_after_incorrect_logins = null;
 	
+	/**
+	 * If this is set, then a session cookie with the given name will be set on log-in,
+	 * and cleared on logout.
+	 */
+	protected static $login_marker_cookie = null;
+
+	/**
+	 * If this is called, then a session cookie will be set to "1" whenever a user
+	 * logs in.  This lets 3rd party tools, such as apache's mod_rewrite, detect
+	 * whether a user is logged in or not and alter behaviour accordingly.
+	 * 
+	 * One known use of this is to bypass static caching for logged in users.  This is
+	 * done by putting this into _config.php
+	 * <pre>
+	 * Member::set_login_marker_cookie("SS_LOGGED_IN");
+	 * </pre>
+	 * 
+	 * And then adding this condition to each of the rewrite rules that make use of
+	 * the static cache.
+	 * <pre>
+	 * RewriteCond %{HTTP_COOKIE} !SS_LOGGED_IN=1
+	 * </pre>
+	 * 
+	 * @param $cookieName string The name of the cookie to set.
+	 */
+	static function set_login_marker_cookie($cookieName) {
+		self::$login_marker_cookie = $cookieName;
+	} 
+	
 	/**
 	 * This method is used to initialize the static database members
 	 *
@@ -211,6 +240,8 @@ class Member extends DataObject {
 		self::session_regenerate_id();
 
 		Session::set("loggedInAs", $this->ID);
+		// This lets apache rules detect whether the user has logged in
+		if(self::$login_marker_cookie) Cookie::set(self::$login_marker_cookie, 1, 0);
 
 		$this->NumVisit++;
 
@@ -282,6 +313,8 @@ class Member extends DataObject {
 			if($member) {
 				self::session_regenerate_id();
 				Session::set("loggedInAs", $member->ID);
+				// This lets apache rules detect whether the user has logged in
+				if(self::$login_marker_cookie) Cookie::set(self::$login_marker_cookie, 1, 0);
 
 				$token = substr(md5(uniqid(rand(), true)), 0, 49 - strlen($member->ID));
 				$member->RememberLoginToken = $token;
@@ -301,6 +334,7 @@ class Member extends DataObject {
 	 */
 	function logOut() {
 		Session::clear("loggedInAs");
+		if(self::$login_marker_cookie) Cookie::set(self::$login_marker_cookie, null, 0);
 		self::session_regenerate_id();
 
 		$this->extend('memberLoggedOut');