From ad7ab8d2f643bafaf95c0ef5f49ff0f32a894402 Mon Sep 17 00:00:00 2001
From: Binal Gajjar
Date: Fri, 13 Sep 2019 17:57:28 +0530
Subject: [PATCH] Expire and cookie

---
 src/endpoints/Auth.php | 2 +-
 src/helpers/all.php | 11 +++-------
 2 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/src/endpoints/Auth.php b/src/endpoints/Auth.php
index d1459567af..be659eee40 100644
--- a/src/endpoints/Auth.php
+++ b/src/endpoints/Auth.php
@@ -92,7 +92,7 @@ public function startSession(Request $request, Response $response)
 $expirationMinutes = get_directus_setting('auto_sign_out');
 $expiry = new \DateTimeImmutable('now + '.$expirationMinutes.'minutes');
 $cookie = new Cookies();
- $cookie->set('access_token',['value' => $token,'expires' =>$expiry->format(\DateTime::COOKIE),'httponly' => true]);
+ $cookie->set('access_token',['value' => $token,'expires' =>$expiry->format(\DateTime::COOKIE),'path'=>'/','httponly' => true]);
 $response = $response->withAddedHeader('Set-Cookie',$cookie->toHeaders());
 }
diff --git a/src/helpers/all.php b/src/helpers/all.php
index 137c95e787..09d9084c7a 100644
--- a/src/helpers/all.php
+++ b/src/helpers/all.php
@@ -297,13 +297,9 @@ function get_request_authorization_token(Request $request)
 if (is_string($authorizationHeader) && preg_match("/Bearer\s+(.*)$/i", $authorizationHeader, $matches)) {
 $authToken = $matches[1];
 }
- } elseif ($request->hasHeader('Set-Cookie')) {
- $authorizationHeader = $request->getHeader('Set-Cookie');
- // If there's multiple Authorization header, pick first, ignore the rest
- if (is_array($authorizationHeader)) {
- $authorizationHeader = array_shift($authorizationHeader);
- }
-
+ } elseif ($request->hasHeader('Cookie')) {
+ $authorizationHeader = $request->getCookieParam('access_token');
+ if (is_string($authorizationHeader)) {
 $app = Application::getInstance();
 $authService = $app->getContainer()->get('services')->get('auth');
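Review bot: The `access_token` cookie on the `+` line is still written without a `secure` attribute, and now that the helper in src/helpers/all.php reads the token back from the Cookie header the browser attaches it to cross-site requests automatically, so state-changing endpoints become reachable by CSRF unless the cookie carries a SameSite restriction or an Origin/CSRF-token check is enforced on the request side. Adding `'secure' => true` (or deriving it from the request scheme) to the options array, plus a `samesite` entry if the Cookies class in use supports one, closes the transport gap; the CSRF side needs its own check. A comment above the `set()` call such as `// Session credential: HttpOnly keeps it from scripts; path '/' so every API route receives it` would also record why `path` is set. The rest of startSession lies outside the hunk.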
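Review bot: The added `if (is_string($authorizationHeader)) {` opens a block that this hunk does not close, while the closing braces in the following hunk (`@@ -312,7 +308,6 @@`) are unchanged context, so whether the braces still balance depends on the two lines between the hunks that are not shown; confirm the file still parses before merging. The variable now holds a cookie value rather than a header, so renaming it on the two `+` lines (`$cookieToken = $request->getCookieParam('access_token');` / `if (is_string($cookieToken)) {`) would keep the name from misleading. A comment on the new branch such as `// Fallback to the session cookie set by Auth::startSession; browsers send it on cross-site requests, so this path is CSRF-exposed` would make the trust assumption explicit. get_request_authorization_token's body begins before and continues past this hunk.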
@@ -312,7 +308,6 @@ function get_request_authorization_token(Request $request)
 $authToken = isset($userSession['id']) ? $authToken : null;
 }
 }
-
 return $authToken;
 }
 }