Merge pull request #47 from gelysis/exceed-cookielength-fix

Added data unset to stop data being read from outdated cookie
silverstripe · Feb 7, 2019 · ec86442 · ec86442
2 parents 5a5c3b0 + ac404c9
commit ec86442
Showing 1 changed file with 20 additions and 4 deletions.
diff --git a/src/Store/CookieStore.php b/src/Store/CookieStore.php
@@ -132,11 +132,27 @@ protected function canWrite()
 
     public function write($session_id, $session_data)
     {
+        $canWrite = $this->canWrite();
+        $isExceedingCookieLimit = (strlen($session_data) > static::config()->get('max_length'));
+        $crypto = $this->getCrypto($session_id);
+
         // Check ability to safely encrypt and write content
-        if (!$this->canWrite()
-            || (strlen($session_data) > static::config()->get('max_length'))
-            || !($crypto = $this->getCrypto($session_id))
-        ) {
+        if (!$canWrite || $isExceedingCookieLimit || !$crypto) {
+            if ($canWrite && $isExceedingCookieLimit) {
+                $params = session_get_cookie_params();
+                // Clear stored cookie value and cookie when length exceeds the set limit
+                $this->currentCookieData = null;
+                Cookie::set(
+                    $this->cookie,
+                    '',
+                    0,
+                    $params['path'],
+                    $params['domain'],
+                    $params['secure'],
+                    $params['httponly']
+                );
+            }
+
             return false;
         }