public static function createCookie($cookie_name, $cookie_value, $expires = 0, $path = '/', $domain = '') { if ($domain) { // sanitizes the domain $domain = owa_lib::sanitizeCookieDomain($domain); } else { $domain = owa_coreAPI::getSetting('base', 'cookie_domain'); } if (is_array($cookie_value)) { $cookie_value = owa_lib::implode_assoc('=>', '|||', $cookie_value); } // add namespace $cookie_name = sprintf('%s%s', owa_coreAPI::getSetting('base', 'ns'), $cookie_name); // debug owa_coreAPI::debug(sprintf('Setting cookie %s with values: %s under domain: %s', $cookie_name, $cookie_value, $domain)); // set compact privacy header header(sprintf('P3P: CP="%s"', owa_coreAPI::getSetting('base', 'p3p_policy'))); //owa_coreAPI::debug('time: '.$expires); setcookie($cookie_name, $cookie_value, $expires, $path, $domain); return; }
/** * sets and checks the cookie domain setting * * @param unknown_type $domain */ public function setCookieDomain($domain = '') { $explicit = false; if (!$domain) { $domain = $_SERVER['HTTP_HOST']; $explicit = true; } // strip port, add leading period etc. $domain = owa_lib::sanitizeCookieDomain($domain); // Set the cookie domain only if the domain name is a Fully qualified domain name (FQDN) // i.e. avoid attempts to set cookie domain for e.g. "localhost" as that is not valid //check for two dots in the domain name $twodots = substr_count($domain, '.'); if ($twodots >= 2) { // unless www.domain.com is passed explicitly // strip the www from the domain. if (!$explicit) { $part = substr($domain, 0, 5); if ($part === '.www.') { //strip .www. $domain = substr($domain, 5); // add back the leading period $domain = '.' . $domain; } } $this->set('base', 'cookie_domain', $domain); owa_coreAPI::debug("Setting cookie domain to {$domain}"); } else { owa_coreAPI::debug("Not setting cookie domain as {$domain} is not a FQDN."); } }