API CHANGE Member::set_session_regenerate_id() can now be used to disable Member::session_regenerate_id() which can break setting session cookies across all subdomains of a site (from r109103)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112781 467b73ca-7a2a-4603-9d3b-597d59a354a9
Sam Minnee 2010-10-19 00:55:33 +00:00
parent f8ec13a1ab
commit cf6907931b


@ -110,6 +110,21 @@ class Member extends DataObject {
*/ */
protected static $login_marker_cookie = null; protected static $login_marker_cookie = null;
/**
* Indicates that when a {@link Member} logs in, Member:session_regenerate_id()
* should be called as a security precaution.
*
* This doesn't always work, especially if you're trying to set session cookies
* across an entire site using the domain parameter to session_set_cookie_params()
*
* @var boolean
*/
protected static $session_regenerate_id = true;
public static function set_session_regenerate_id($bool) {
self::$session_regenerate_id = $bool;
}
/** /**
* Ensure the locale is set to something sensible by default. * Ensure the locale is set to something sensible by default.
*/ */
@ -229,6 +244,8 @@ class Member extends DataObject {
* quirky problems (such as using the Windmill 0.3.6 proxy). * quirky problems (such as using the Windmill 0.3.6 proxy).
*/ */
static function session_regenerate_id() { static function session_regenerate_id() {
if(!self::$session_regenerate_id) return;
// This can be called via CLI during testing. // This can be called via CLI during testing.
if(Director::is_cli()) return; if(Director::is_cli()) return;
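Review bot: The new `set_session_regenerate_id($bool)` has no docblock, and the property comment calls regeneration only "a security precaution". A caller passing false is therefore never told that the session id issued before login stays valid after authentication, which is the usual session-fixation defence. That matters most in the cross-subdomain cookie setup the comment gives as the reason to disable it, since any host under the shared cookie domain can then set that cookie. I would add a docblock to the setter such as `/** Disabling this keeps the pre-login session id after login and removes session-fixation protection; only turn it off when another control covers it. */`, and fix the `Member:session_regenerate_id()` typo to `Member::session_regenerate_id()`. The setter also stores its argument unchecked while the guard `if(!self::$session_regenerate_id) return;` tests loose truthiness, so `self::$session_regenerate_id = (bool)$bool;` would make the stored state explicit. The body of `session_regenerate_id()` continues outside the hunk.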