fixes deleteSession API removes browser's cookieFallback #1193
This commit is contained in:
parent
33aaa5c1ef
commit
59338afb40
1 changed files with 7 additions and 7 deletions
|
@ -1272,17 +1272,17 @@ App::delete('/v1/account/sessions/:sessionId')
|
||||||
->setParam('resource', '/user/'.$user->getId())
|
->setParam('resource', '/user/'.$user->getId())
|
||||||
;
|
;
|
||||||
|
|
||||||
|
$session->setAttribute('current', false);
|
||||||
|
|
||||||
|
if ($session->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
|
||||||
|
$session->setAttribute('current', true);
|
||||||
|
|
||||||
if (!Config::getParam('domainVerification')) {
|
if (!Config::getParam('domainVerification')) {
|
||||||
$response
|
$response
|
||||||
->addHeader('X-Fallback-Cookies', \json_encode([]))
|
->addHeader('X-Fallback-Cookies', \json_encode([]))
|
||||||
;
|
;
|
||||||
}
|
}
|
||||||
|
|
||||||
$session->setAttribute('current', false);
|
|
||||||
|
|
||||||
if ($session->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
|
|
||||||
$session->setAttribute('current', true);
|
|
||||||
|
|
||||||
$response
|
$response
|
||||||
->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||||
->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||||
|
|
Loading…
Reference in a new issue