Replace core dependency of SERVICE_SESSION_FORCE_COOKIE_USAGE with in…

…i_get session.use_only_cookies

Add support for session.cookie_secure and session.cookie_httponly
commit ef6009f3f71956c36069f3fb7b3c5dc6be694f27 1 parent 4765e74
@haraldpdl authored
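--- a/osCommerce/OM/Core/OSCOM.php
+++ b/osCommerce/OM/Core/OSCOM.php
@@ -266,7 +266,7 @@ public static function getLink($site = null, $application = null, $parameters =
 $link .= HTML::output($parameters) . '&';
 }
- if ( ($add_session_id === true) && Registry::exists('Session') && Registry::get('Session')->hasStarted() && (SERVICE_SESSION_FORCE_COOKIE_USAGE == '-1') ) {
+ if ( ($add_session_id === true) && Registry::exists('Session') && Registry::get('Session')->hasStarted() && ((bool)ini_get('session.use_only_cookies') === false) ) {
 if ( strlen(SID) > 0 ) {
 $_sid = SID;
 } elseif ( ((static::getRequestType() == 'NONSSL') && ($connection == 'SSL') && (static::getConfig('enable_ssl', $site) == 'true')) || ((static::getRequestType() == 'SSL') && ($connection != 'SSL')) ) {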
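Review bot: The cast in the new condition, `(bool)ini_get('session.use_only_cookies') === false`, decides whether the session ID is written into generated URLs, and it can disagree with PHP about the setting: a value stored as the string `off`, `no` or `false` (for example through `php_value` or `ini_set()`) casts to true although PHP treats it as disabled. The same cast is used for the cookie flags and the GET/POST checks in SessionAbstract.php and for the cookie test in Session.php. Parsing the value with `filter_var(ini_get('session.use_only_cookies'), FILTER_VALIDATE_BOOLEAN)` would keep the code's view in line with PHP's. The body of getLink() continues outside this hunk, so how `$_sid` is used afterwards is not visible here.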
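--- a/osCommerce/OM/Core/SessionAbstract.php
+++ b/osCommerce/OM/Core/SessionAbstract.php
@@ -1,8 +1,8 @@
 <?php
 /**
 * osCommerce Online Merchant
- *
- * @copyright Copyright (c) 2011 osCommerce; http://www.oscommerce.com
+ *
+ * @copyright Copyright (c) 2014 osCommerce; http://www.oscommerce.com
 * @license BSD License; http://www.oscommerce.com/bsdlicense.txt
 */
@@ -77,13 +77,13 @@ public function start() {
 $this->_life_time = ini_get('session.gc_maxlifetime');
 }
- session_set_cookie_params(0, ((OSCOM::getRequestType() == 'NONSSL') ? OSCOM::getConfig('http_cookie_path') : OSCOM::getConfig('https_cookie_path')), ((OSCOM::getRequestType() == 'NONSSL') ? OSCOM::getConfig('http_cookie_domain') : OSCOM::getConfig('https_cookie_domain')));
+ session_set_cookie_params(0, ((OSCOM::getRequestType() == 'NONSSL') ? OSCOM::getConfig('http_cookie_path') : OSCOM::getConfig('https_cookie_path')), ((OSCOM::getRequestType() == 'NONSSL') ? OSCOM::getConfig('http_cookie_domain') : OSCOM::getConfig('https_cookie_domain')), (bool)ini_get('session.cookie_secure'), (bool)ini_get('session.cookie_httponly'));
- if ( isset($_GET[$this->_name]) && (empty($_GET[$this->_name]) || !ctype_alnum($_GET[$this->_name]) || !$this->exists($_GET[$this->_name])) ) {
+ if ( isset($_GET[$this->_name]) && ((bool)ini_get('session.use_only_cookies') || empty($_GET[$this->_name]) || !ctype_alnum($_GET[$this->_name]) || !$this->exists($_GET[$this->_name])) ) {
 unset($_GET[$this->_name]);
 }
- if ( isset($_POST[$this->_name]) && (empty($_POST[$this->_name]) || !ctype_alnum($_POST[$this->_name]) || !$this->exists($_POST[$this->_name])) ) {
+ if ( isset($_POST[$this->_name]) && ((bool)ini_get('session.use_only_cookies') || empty($_POST[$this->_name]) || !ctype_alnum($_POST[$this->_name]) || !$this->exists($_POST[$this->_name])) ) {
 unset($_POST[$this->_name]);
 }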
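Review bot: The two new arguments to `session_set_cookie_params()` only pass through what php.ini holds, so on a server where `session.cookie_httponly` and `session.cookie_secure` are left off the session cookie is still issued without HttpOnly and without Secure, even on SSL requests. The path and domain on the same line already switch on `OSCOM::getRequestType()`, and the flags could follow that pattern: `true` for HttpOnly (nothing visible here needs script access to the cookie) and `(OSCOM::getRequestType() == 'SSL') || (bool)ini_get('session.cookie_secure')` for Secure, provided the shop's HTTP-to-HTTPS hand-over does not rely on sharing one cookie. A short comment above the call stating where the two flags come from would also help the next reader. start() begins and ends outside these hunks.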
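--- a/osCommerce/OM/Core/Site/Shop/Module/Service/Session.php
+++ b/osCommerce/OM/Core/Site/Shop/Module/Service/Session.php
@@ -1,15 +1,15 @@
 <?php
 /**
 * osCommerce Online Merchant
- *
- * @copyright Copyright (c) 2011 osCommerce; http://www.oscommerce.com
+ *
+ * @copyright Copyright (c) 2014 osCommerce; http://www.oscommerce.com
 * @license BSD License; http://www.oscommerce.com/bsdlicense.txt
 */
 namespace osCommerce\OM\Core\Site\Shop\Module\Service;
- use osCommerce\OM\Core\Registry;
 use osCommerce\OM\Core\OSCOM;
+ use osCommerce\OM\Core\Registry;
 use osCommerce\OM\Core\Session as SessionClass;
 class Session implements \osCommerce\OM\Core\Site\Shop\ServiceInterface {
@@ -19,7 +19,13 @@ public static function start() {
 $OSCOM_Session = Registry::get('Session');
 $OSCOM_Session->setLifeTime(SERVICE_SESSION_EXPIRATION_TIME * 60);
- if ( (SERVICE_SESSION_FORCE_COOKIE_USAGE == '1') || ((bool)ini_get('session.use_only_cookies') === true) ) {
+ if ( SERVICE_SESSION_FORCE_COOKIE_USAGE == '1' ) {
+ ini_set('session.use_only_cookies', 1);
+ } else{
+ ini_set('session.use_only_cookies', 0);
+ }
+
+ if ( (bool)ini_get('session.use_only_cookies') ) {
 OSCOM::setCookie('cookie_test', 'please_accept_for_session', time()+60*60*24*90);
 if ( isset($_COOKIE['cookie_test']) ) {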
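Review bot: The `else` branch runs `ini_set('session.use_only_cookies', 0)`, so a store whose SERVICE_SESSION_FORCE_COOKIE_USAGE is anything other than '1' switches URL session IDs back on even where php.ini enforces cookie-only sessions; the removed condition honoured an ini value of on. Accepting IDs from the URL is what exposes a site to session fixation and to ID leakage through referrers and logs, so the store setting should only be able to tighten the server's: `if ( SERVICE_SESSION_FORCE_COOKIE_USAGE == '1' ) { ini_set('session.use_only_cookies', 1); }` with no `else`. The return value of `ini_set()` is not checked, which is tolerable here only because the next test re-reads the value with `ini_get()`. start() continues outside the hunk, so whether this runs before the session is started cannot be confirmed from here.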