You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Sometimes Logout does not disconnect the user. The cookie is not correctly removed.
In particular when changing the security level.
When removing the cookie, the options must be the same as when creating the cookie.
Fine includes/process-commands.php
/* EXISTING CODE */
case "logout":
setcookie("uid", "deleted", time() - 3600);
setcookie("username", "deleted", time() - 3600);
/* NEW CODE TO ADD */
/* Make sure the cookie is removed, no matter how it has been created */
$l_cookie_options = array(
'expires' => time() - 3600, // 0 means session cookie
'path' => '/', // '/' means entire domain
//'domain' => '.example.com', // default is current domain
'secure' => FALSE, // true or false
'httponly' => TRUE, // true or false
'samesite' => 'Strict' // None || Lax || Strict
);
setcookie("username", "deleted", $l_cookie_options);
setcookie("uid", "deleted", $l_cookie_options);
//setrawcookie() allows for response splitting
$lUsernameCookie = $lRecord->username;
$l_cookie_options = array(
'expires' => time() - 3600, // 0 means session cookie
'path' => '/', // '/' means entire domain
//'domain' => '.example.com', // default is current domain
'secure' => FALSE, // true or false
'httponly' => FALSE, // true or false
'samesite' => 'Lax' // None || Lax || Strict
);
setrawcookie("username", "deleted", $l_cookie_options);
setrawcookie("uid", "deleted", $l_cookie_options);
The text was updated successfully, but these errors were encountered:
Sometimes Logout does not disconnect the user. The cookie is not correctly removed.
In particular when changing the security level.
When removing the cookie, the options must be the same as when creating the cookie.
Fine includes/process-commands.php
/* EXISTING CODE */
case "logout":
The text was updated successfully, but these errors were encountered: