// prevents javascript from accessing php session cookies
ini_set('session.cookie_httponly', '1;');
+ // set the cookie path to the ownCloud directory
+ ini_set('session.cookie_path', OC::$WEBROOT);
+
// set the session name to the instance id - which is unique
session_name(OC_Util::getInstanceId());
// session timeout
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 60*60*24)) {
if (isset($_COOKIE[session_name()])) {
- setcookie(session_name(), '', time() - 42000, '/');
+ setcookie(session_name(), '', time() - 42000, OC::$WEBROOT);
}
session_unset();
session_destroy();
public static function setMagicInCookie($username, $token) {
$secure_cookie = OC_Config::getValue("forcessl", false);
$expires = time() + OC_Config::getValue('remember_login_cookie_lifetime', 60*60*24*15);
- setcookie("oc_username", $username, $expires, '', '', $secure_cookie);
- setcookie("oc_token", $token, $expires, '', '', $secure_cookie, true);
- setcookie("oc_remember_login", true, $expires, '', '', $secure_cookie);
+ setcookie("oc_username", $username, $expires, OC::$WEBROOT, '', $secure_cookie);
+ setcookie("oc_token", $token, $expires, OC::$WEBROOT, '', $secure_cookie, true);
+ setcookie("oc_remember_login", true, $expires, OC::$WEBROOT, '', $secure_cookie);
}
/**