Merge pull request #1206 from lohanidamodar/fix-delete-session-removing-fallback-cookie

fixes deleteSession API removes browser's cookieFallback #1193
2024-06-01 18:39:57 +12:00 · 2021-05-28 19:24:49 +03:00 · 2021-05-28 19:24:49 +03:00 · 735cb90a44
parent 33aaa5c1ef 59338afb40
commit 735cb90a44
1 changed files with 7 additions and 7 deletions
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@ -1272,16 +1272,16 @@ App::delete('/v1/account/sessions/:sessionId')
                    ->setParam('resource', '/user/'.$user->getId())
                ;

-                if (!Config::getParam('domainVerification')) {
-                    $response
-                        ->addHeader('X-Fallback-Cookies', \json_encode([]))
-                    ;
-                }
-                
                $session->setAttribute('current', false);
-
+                
                if ($session->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
                    $session->setAttribute('current', true);
+                    
+                    if (!Config::getParam('domainVerification')) {
+                        $response
+                            ->addHeader('X-Fallback-Cookies', \json_encode([]))
+                        ;
+                    }

                    $response
                        ->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)