Added nonfunctional workflow for crossdomain cookies

djpbessems
2019-02-22 11:28:42 +01:00
parent 2776d1b421
commit d9e53fce49
5 changed files with 37 additions and 14 deletions


@ -83,8 +83,10 @@ function storeToken (string $secureToken, string $qualifiedUsername, string $htt
// This might seem backwards, but relying on $_SERVER directly allows spoofed values with potential security risks
return (strlen($value) > strlen($httpHost)) ? false : (0 === substr_compare($httpHost, $value, -strlen($value)));
}))[0];
if (setcookie('JWT', $secureToken, (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
if ($cookieDomain && setcookie('JWT', $secureToken, (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
return ['status' => 'Success'];
} else {
return ['status' => 'Fail', 'reason' => 'Unable to store cookie(s)'];
}
}
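Review bot: The `setcookie('JWT', …)` call on the changed line passes only five arguments, so the cookie carrying the token is issued without the Secure and HttpOnly flags; it can travel over plain HTTP and be read by page script. Because the domain is `'.' . $cookieDomain`, every subdomain of that parent receives the token, which widens the exposure. Pass both flags explicitly, `setcookie('JWT', $secureToken, (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain, true, true)`, and consider a SameSite attribute if the PHP version in use supports the options-array form. The filter callback above also accepts any host that merely ends with a value from what appears to be the allowed-domain list; requiring an exact match or a preceding `.` would stop an unrelated host with the same suffix from matching. storeToken's body starts outside the hunk, so where `$httpHost` comes from should be confirmed against the caller.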