that's obviously the best practice to kill a cookie @see http://stackoverflow.com/a/686166/1114320
public static deleteCookie ( string $user_id = null ) | ||
$user_id | string |
public static function initialize() { if (self::$initialized) { return; } self::$initialized = true; try { // Initialize local session Session::init(); if (!empty($_GET['logout'])) { self::destroy(); Session::init(); } if (!Session::userIsLoggedIn() && Request::cookie('remember_me')) { if (!LoginModel::loginWithCookie(Request::cookie('remember_me'))) { LoginModel::deleteCookie(); } } $currentUrl = $_SERVER['REQUEST_URI']; $end = strpos($currentUrl, '?'); if ($end === false) { $end = strpos($currentUrl, '#'); } if ($end !== false) { $currentUrl = substr($currentUrl, 0, $end); } // Initialize Facebook session /*self::$facebookSession = new FacebookSessionWrapper( Tools::getBaseUrl() . $currentUrl, Tools::getBaseUrl() . '/logout/' );*/ } catch (\Exception $ex) { } }
public function loginWithCookie() { $success = LoginModel::loginWithCookie(Request::cookie('remember_me')); if ($success) { Redirect::to('dashboard/index'); } else { LoginModel::deleteCookie(); Redirect::to('login/index'); } }
/** * Login with cookie */ public function loginWithCookie() { // run the loginWithCookie() method in the login-model, put the result in $login_successful (true or false) $login_successful = LoginModel::loginWithCookie(Request::cookie('remember_me')); // if login successful, redirect to dashboard/index ... if ($login_successful) { Redirect::to('dashboard/index'); } else { // if not, delete cookie (outdated? attack?) and route user to login form to prevent infinite login loops LoginModel::deleteCookie(); Redirect::to('login/index'); } }