First iteration of using cookies to store session/securetoken

public/lucidAuth.login.php

@@ -6,6 +6,9 @@
 	if ($_POST['do'] == 'login') {
 		$result = authenticateLDAP($_POST['username'], $_POST['password']);
 		if ($result['status'] == 'Success') {
+			// Save secure token in cookie
+            setcookie('JWT', $result['token'], (time() + $settings->Session['Duration']));
+            
 			// Convert base64 encoded string back from JSON;
 			//   forcing it into an associative array (instead of javascript's default StdClass object)
 			try {
@@ -16,7 +19,7 @@
 				echo '{"Result":"Fail","Reason":"Original request URI lost in transition"}' . PHP_EOL;
 				exit;
 			}
-			$originalUri = !empty($proxyHeaders) ? $proxyHeaders['XForwardedProto'] . '://' . $proxyHeaders['XForwardedHost'] . $proxyHeaders['XForwardedUri'] : '#';
+			$originalUri = !empty($proxyHeaders) ? $proxyHeaders['XForwardedProto'] . '://' . $proxyHeaders['XForwardedHost'] . $proxyHeaders['XForwardedUri'] : 'lucidAuth.manage.php';
 
 			// Since this request is only ever called through an AJAX-request; return JSON object
 			echo '{"Result":"Success","Location":"' . $originalUri . '"}' . PHP_EOL;

public/lucidAuth.validateRequest.php

@@ -28,9 +28,7 @@
 		exit;
 	}
 
-	if ((!empty($_COOKIE['Exp']) && !empty($_COOKIE['Sub']) && !empty($_COOKIE['JWT'])) && validateToken([
-		'Exp' => $_COOKIE['Exp'],
-		'Sub' => $_COOKIE['Sub'],
+	if (!empty($_COOKIE['JWT']) && validateToken([
 		'JWT' => $_COOKIE['JWT']
 	])['status'] == "Success") {
 		// Valid authentication token found