mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
00e4e0294f
As discussed on the mailing list, enable "secure" and "httponly" for session cookies to prevent them from being transferred over insecure connections. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
25 lines
732 B
PHP
25 lines
732 B
PHP
<?php
|
|
|
|
set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
|
|
|
|
include_once("aur.inc.php"); # access AUR common functions
|
|
include_once("acctfuncs.inc.php"); # access AUR common functions
|
|
|
|
|
|
# if they've got a cookie, log them out - need to do this before
|
|
# sending any HTML output.
|
|
#
|
|
if (isset($_COOKIE["AURSID"])) {
|
|
$dbh = db_connect();
|
|
$q = "DELETE FROM Sessions WHERE SessionID = '";
|
|
$q.= mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
|
|
db_query($q, $dbh);
|
|
# setting expiration to 1 means '1 second after midnight January 1, 1970'
|
|
setcookie("AURSID", "", 1, "/", null, !empty($_SERVER['HTTPS']), true);
|
|
unset($_COOKIE['AURSID']);
|
|
}
|
|
|
|
clear_expired_sessions();
|
|
|
|
header('Location: index.php');
|
|
|