Timestamp:
Oct 16, 2008, 2:35:30 AM (16 years ago)
Author:
rvelices
Message:
  • security paranoia: protect session/remember me cookies from XSS attacks (works only if php>=5.2 and with IE/FF maybe others)
File:
1 edited

  • branches/2.0/include/user.inc.php

    r2425 r2756  
    3030  if (isset($_GET['act']) and $_GET['act'] == 'logout')
    3131  { // logout
    32     $_SESSION = array();
    33     session_unset();
    34     session_destroy();
    35     setcookie(session_name(),'',0,
    36         ini_get('session.cookie_path'),
    37         ini_get('session.cookie_domain')
    38       );
    39     setcookie($conf['remember_me_name'], '', 0, cookie_path());
     32    logout_user();
    4033    redirect(make_index_url());
    4134  }
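Review bot: the single call to logout_user() at new line 32 replaces five explicit teardown steps, and its body is not part of this changeset view, so please confirm it still does everything the removed lines did. That means emptying $_SESSION, calling session_unset() and session_destroy(), and expiring both the session cookie and the $conf['remember_me_name'] cookie. The expiry calls need the same path and domain the removed setcookie() calls used (session.cookie_path and session.cookie_domain for the session cookie, cookie_path() for the remember-me cookie), because a browser only deletes a cookie when those attributes match the ones it was set with. If the helper passes the HttpOnly argument mentioned in the commit message, it also needs a PHP version check, since the message states this works only with php>=5.2. Separately, the unchanged condition at line 30 still triggers logout from a plain GET parameter with no token visible in these lines; consider requiring one in a follow-up.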