Merge branch 'bugfix/session-cookie-11187'

fixes #11187
2016-02-27 22:47:20 +01:00 · 2016-02-27 22:47:20 +01:00 · 25f596969f
parent 4275d030c5 03d7f3a1f4
commit 25f596969f
3 changed files with 18 additions and 4 deletions
--- a/library/Icinga/Application/Web.php
+++ b/library/Icinga/Application/Web.php
@ -82,9 +82,9 @@ class Web extends EmbeddedWeb
            ->setupLogging()
            ->setupErrorHandling()
            ->loadConfig()
+            ->setupRequest()
            ->setupSession()
            ->setupNotifications()
-            ->setupRequest()
            ->setupResponse()
            ->setupZendMvc()
            ->setupModuleManager()
--- a/library/Icinga/Web/Cookie.php
+++ b/library/Icinga/Web/Cookie.php
@ -96,6 +96,9 @@ class Cookie
     */
    public function getDomain()
    {
+        if ($this->domain === null) {
+            $this->domain = Config::app()->get('cookie', 'domain');
+        }
        return $this->domain;
    }

@ -182,9 +185,9 @@ class Cookie
            if ($path === null) {
                // The following call could be used as default for ConfigObject::get(), but we prevent unnecessary
                // function calls here, if the path is set in the config
-                $path = Icinga::app()->getRequest()->getBaseUrl();
+                $path = Icinga::app()->getRequest()->getBaseUrl() . '/'; // Zend has rtrim($baseUrl, '/')
            }
-            return $path;
+            $this->path = $path;
        }
        return $this->path;
    }
@ -219,7 +222,7 @@ class Cookie
                // function calls here, if the secure flag is set in the config
                $secure = Icinga::app()->getRequest()->isSecure();
            }
-            return $secure;
+            $this->secure = $secure;
        }
        return $this->secure;
    }
--- a/library/Icinga/Web/Session/PhpSession.php
+++ b/library/Icinga/Web/Session/PhpSession.php
@ -5,6 +5,7 @@ namespace Icinga\Web\Session;

 use Icinga\Application\Logger;
 use Icinga\Exception\ConfigurationError;
+use Icinga\Web\Cookie;

 /**
 * Session implementation in PHP
@ -102,11 +103,21 @@ class PhpSession extends Session
            ini_set('session.cache_limiter', null);
        }

+        $cookie = new Cookie('bogus');
+        session_set_cookie_params(
+            0,
+            $cookie->getPath(),
+            $cookie->getDomain(),
+            $cookie->isSecure(),
+            true
+        );
+
        session_start();

        if ($this->hasBeenTouched) {
            ini_set('session.use_cookies', true);
            ini_set('session.use_only_cookies', true);
+            /** @noinspection PhpUndefinedVariableInspection */
            ini_set('session.cache_limiter', $cacheLimiter);
        }
    }