public function persistSession(SessionBackend $session, WebRequest $request) { $response = $request->response(); if ($response->headersSent()) { // Can't do anything now $this->logger->debug(__METHOD__ . ': Headers already sent'); return; } $user = $session->getUser(); $cookies = $this->cookieDataToExport($user, $session->shouldRememberUser()); $sessionData = $this->sessionDataToExport($user); // Legacy hook if ($this->params['callUserSetCookiesHook'] && !$user->isAnon()) { \Hooks::run('UserSetCookies', array($user, &$sessionData, &$cookies)); } $options = $this->cookieOptions; if ($session->shouldForceHTTPS() || $user->requiresHTTPS()) { $response->setCookie('forceHTTPS', 'true', $session->shouldRememberUser() ? 0 : null, array('prefix' => '', 'secure' => false) + $options); $options['secure'] = true; } $response->setCookie($this->params['sessionName'], $session->getId(), null, array('prefix' => '') + $options); $extendedCookies = $this->config->get('ExtendedLoginCookies'); $extendedExpiry = $this->config->get('ExtendedLoginCookieExpiration'); foreach ($cookies as $key => $value) { if ($value === false) { $response->clearCookie($key, $options); } else { if ($extendedExpiry !== null && in_array($key, $extendedCookies)) { $expiry = time() + (int) $extendedExpiry; } else { $expiry = 0; // Default cookie expiration } $response->setCookie($key, (string) $value, $expiry, $options); } } $this->setLoggedOutCookie($session->getLoggedOutTimestamp(), $request); if ($sessionData) { $session->addData($sessionData); } }