
Add secure and httponly flags to setcookie()

Set $_is_started to false when the session is destroyed
1 parent 431925a commit fedde5a5f9db6293411e044549b16ae4b3b9655a @haraldpdl committed Feb 20, 2014
Showing with 10 additions and 3 deletions.
  1. +10 −3 osCommerce/OM/Core/SessionAbstract.php
@@ -88,7 +88,7 @@ public function start() {
}
if ( isset($_COOKIE[$this->_name]) && !(bool)preg_match('/^[a-zA-Z0-9,-]+$/', $_COOKIE[$this->_name]) ) {
- setcookie($this->_name, '', time()-42000, $this->getCookieParameters('path'), $this->getCookieParameters('domain'));
+ setcookie($this->_name, '', time()-42000, $this->getCookieParameters('path'), $this->getCookieParameters('domain'), $this->getCookieParameters('secure'), $this->getCookieParameters('httponly'));
unset($_COOKIE[$this->_name]);
}
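Review bot: The session-id check on the `preg_match` line just above the changed `setcookie()` call anchors with `$`, which in PCRE also matches immediately before a trailing newline, so a cookie value ending in `\n` passes validation and is not expired here. Anchoring with `\z` (or adding the `D` modifier) closes that gap: `preg_match('/^[a-zA-Z0-9,-]+\z/', $_COOKIE[$this->_name])`. What start() does with the value afterwards lies outside this hunk, so the practical impact depends on the session handler in use.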
@@ -138,10 +138,17 @@ public function close() {
public function destroy() {
if ( $this->_is_started === true ) {
if ( isset($_COOKIE[$this->_name]) ) {
- setcookie($this->_name, '', time()-42000, $this->getCookieParameters('path'), $this->getCookieParameters('domain'));
+ setcookie($this->_name, '', time()-42000, $this->getCookieParameters('path'), $this->getCookieParameters('domain'), $this->getCookieParameters('secure'), $this->getCookieParameters('httponly'));
+ unset($_COOKIE[$this->_name]);
}
- return session_destroy();
+ $result = session_destroy();
+
+ if ( $result === true ) {
+ $this->_is_started = false;
+ }
+
+ return $result;
}
}
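Review bot: destroy() now resets `_is_started` but still leaves `$_SESSION` populated, because `session_destroy()` does not unset the session superglobal; code that runs later in the same request can still read the previous user's data. Clearing it just before the call, `$_SESSION = array();`, makes the in-memory state agree with the flag. The cookie is also expired and removed from `$_COOKIE` before the result of `session_destroy()` is known, so when it returns false the client has dropped the id while the server-side record presumably still exists; that failure path deserves at least a log entry.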
