From 8651cd38ad709523359413741a0da3c9f3cd8392 Mon Sep 17 00:00:00 2001
From: Sebastian Grewe
Date: Sat, 8 Mar 2014 08:41:00 +0100
Subject: [PATCH] [FIX] Changing Cookie Domain
---
 public/include/bootstrap.php | 10 +++++-----
 public/include/classes/user.class.php | 7 ++-----
 2 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/public/include/bootstrap.php b/public/include/bootstrap.php
index fc300de6d..c63ad5faa 100644
--- a/public/include/bootstrap.php
+++ b/public/include/bootstrap.php
@@ -19,13 +19,13 @@ if (@file_exists(BASEPATH . 'include/config/security.inc.php'))
 include_once(BASEPATH . 'include/config/security.inc.php');
 // start our session, we need it for smarty caching
-$session_start = @session_start();
 session_set_cookie_params(time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
+$session_start = @session_start();
 if (!$session_start) {
- $log->log("info", "Forcing session id regeneration, session failed to start [hijack attempt?]");
- session_destroy();
- session_regenerate_id(true);
- session_start();
+ $log->log("info", "Forcing session id regeneration, session failed to start [hijack attempt?]");
+ session_destroy();
+ session_regenerate_id(true);
+ session_start();
 }
 @setcookie(session_name(), session_id(), time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index 96c15cb82..81fefd451 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
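Review bot: In public/include/bootstrap.php, `session_set_cookie_params()` still receives `time()+$config['cookie']['duration']` as its first argument, but that parameter is a lifetime in seconds rather than an expiry timestamp, so the cookie that `session_start()` emits is given an expiry far beyond the configured duration. The `@setcookie()` call at the end of the hunk probably overwrites it with the intended expiry, but that only holds while the second header is actually sent, and the `@` hides the case where it is not. Passing `$config['cookie']['duration']` alone to `session_set_cookie_params()` makes both calls agree. Separately, the fallback branch calls `session_destroy()` and `session_regenerate_id(true)` when no session is active, where they appear to have no effect; `session_start(); session_regenerate_id(true);` in that order would match the log message.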
@@ -624,15 +624,12 @@ public function logoutUser() {
 // Unset all of the session variables
 $_SESSION = array();
 // As we're killing the sesison, also kill the cookie!
- if (ini_get("session.use_cookies")) {
- $params = session_get_cookie_params();
- setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
- }
+ setcookie(session_name(), '', time() - 42000);
 // Destroy the session.
 session_destroy();
 // Enforce generation of a new Session ID and delete the old
 session_regenerate_id(true);
-
+
 // Enforce a page reload and point towards login with referrer included, if supplied
 $port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
 $pushto = $_SERVER['SCRIPT_NAME'].'?page=login';
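Review bot: The replacement `setcookie(session_name(), '', time() - 42000);` in logoutUser() no longer passes path, domain, secure or httponly, while bootstrap.php in this same patch sets the session cookie with `$config['cookie']['path']` and `$config['cookie']['domain']`. A browser only overwrites a cookie whose name, domain and path match, so whenever a cookie domain is configured the expired cookie will likely be stored as a separate host-only cookie and the real session cookie stays in the browser after logout. Since `session_set_cookie_params()` now runs before `session_start()`, `session_get_cookie_params()` should return the configured values, so the expiry can reuse them: `$params = session_get_cookie_params();` followed by `setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);`. `session_regenerate_id(true)` after `session_destroy()` has no active session to act on, and logoutUser() continues past the end of the hunk, so the redirect built from `$_SERVER` could not be reviewed here.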