From b1560bb87be46bb6586bb1941b1947153853c7c8 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Wed, 26 Aug 2020 11:38:25 +0200
Subject: [PATCH] allways use http only cookie, pass referuri to controller
---
 controllers/class.Login.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/controllers/class.Login.php b/controllers/class.Login.php
index 3a66568e1..491fbd6d0 100644
--- a/controllers/class.Login.php
+++ b/controllers/class.Login.php
@@ -36,6 +36,7 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 $settings = $this->params['settings'];
 $session = $this->params['session'];
 $sesstheme = $this->params['sesstheme'];
+ $referuri = $this->params['referuri'];
 $lang = $this->params['lang'];
 $login = $this->params['login'];
 $pwd = $this->params['pwd'];
@@ -199,8 +200,8 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 $dms_session = $_COOKIE["mydms_session"];
 if(!$resArr = $session->load($dms_session)) {
 /* Turn off http only cookies if jumploader is enabled */
- setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload); //delete cookie
- header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
+ setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot, null, false, true); //delete cookie
+ header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$referuri);
 exit;
 } else {
 $session->updateAccess($dms_session);
@@ -218,7 +219,7 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 $lifetime = time() + intval($settings->_cookieLifetime);
 else
 $lifetime = 0;
- setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload);
+ setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, false, true);
 }
 if($this->callHook('postLogin', $user)) {
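Review bot: In the second hunk (`@@ -199,8 +200,8 @@`), `$referuri` is concatenated into the `Location` header without encoding, so any `&`, `#` or whitespace in it changes the redirect URL instead of staying inside the `referuri` parameter. Where the controller parameter is populated is outside this diff; unless the caller already passes it URL-encoded, encode it here with `header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=" . urlencode($referuri));` and make sure the page that finally redirects to it accepts only local paths. The comment `/* Turn off http only cookies if jumploader is enabled */` above the `setcookie()` call is now stale, because HttpOnly is always on; replace it with something like `/* session cookie is always HttpOnly */`. The enclosing method starts and ends outside the hunk.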
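Review bot: The session cookie set in the third hunk (`@@ -218,7 +219,7 @@`) is now always HttpOnly, but its `secure` argument is hard-coded to `false`, so the session id is also sent over plain HTTP whenever the site is reachable that way. Consider deriving the flag from the request, e.g. `$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';`, and passing `$secure` instead of `false`; the cookie-deleting `setcookie()` call in the second hunk should use the same value. Behind a TLS-terminating proxy that check would have to come from a setting instead, which this diff does not show. The `setcookie()` call sits inside a branch that opens before the hunk.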