Merge pull request #1206 from lohanidamodar/fix-delete-session-removing-fallback-cookie
fixes deleteSession API removes browser's cookieFallback #1193
This commit is contained in:
commit
735cb90a44
|
@ -1272,16 +1272,16 @@ App::delete('/v1/account/sessions/:sessionId')
|
|||
->setParam('resource', '/user/'.$user->getId())
|
||||
;
|
||||
|
||||
if (!Config::getParam('domainVerification')) {
|
||||
$response
|
||||
->addHeader('X-Fallback-Cookies', \json_encode([]))
|
||||
;
|
||||
}
|
||||
|
||||
$session->setAttribute('current', false);
|
||||
|
||||
|
||||
if ($session->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
|
||||
$session->setAttribute('current', true);
|
||||
|
||||
if (!Config::getParam('domainVerification')) {
|
||||
$response
|
||||
->addHeader('X-Fallback-Cookies', \json_encode([]))
|
||||
;
|
||||
}
|
||||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||
|
|
Loading…
Reference in a new issue