From cbaf196f509cc5b21f04574cbf80ddd3ecf9f8db Mon Sep 17 00:00:00 2001 From: Sandro Santilli Date: Mon, 13 Mar 2017 11:57:10 +0100 Subject: [PATCH] Only remove the "remember me" cookie at submitting the auth form Fixes loss of remember (Friendica) cookie on switching Managed accounts --- include/auth.php | 4 ++++ include/security.php | 3 --- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/include/auth.php b/include/auth.php index 62ca3563a..8512abe48 100644 --- a/include/auth.php +++ b/include/auth.php @@ -179,6 +179,10 @@ if (isset($_SESSION) && x($_SESSION,'authenticated') && (!x($_POST,'auth-params' goaway(z_root()); } + if ( ! $_POST['remember']) { + new_cookie(0); // 0 means delete on browser exit + } + // if we haven't failed up this point, log them in. $_SESSION['remember'] = $_POST['remember']; $_SESSION['last_login_date'] = datetime_convert('UTC','UTC'); diff --git a/include/security.php b/include/security.php index 93df6ff25..23fc400b3 100644 --- a/include/security.php +++ b/include/security.php @@ -141,9 +141,6 @@ function authenticate_success($user_record, $login_initial = false, $interactive new_cookie(604800, $user_record); unset($_SESSION['remember']); } - else { - new_cookie(0); // 0 means delete on browser exit - } }