/** * Logs this member out. */ public function logOut() { $this->extend('beforeMemberLoggedOut'); Session::clear("loggedInAs"); if (Member::config()->login_marker_cookie) { Cookie::set(Member::config()->login_marker_cookie, null, 0); } Session::destroy(); $this->extend('memberLoggedOut'); // Clears any potential previous hashes for this member RememberLoginHash::clear($this, Cookie::get('alc_device')); Cookie::set('alc_enc', null); // // Clear the Remember Me cookie Cookie::force_expiry('alc_enc'); Cookie::set('alc_device', null); Cookie::force_expiry('alc_device'); // Switch back to live in order to avoid infinite loops when // redirecting to the login screen (if this login screen is versioned) Session::clear('readingMode'); $this->write(); // Audit logging hook $this->extend('memberLoggedOut'); }
public function inst_destroy($removeCookie = true) { if (session_id()) { if ($removeCookie) { $path = Config::inst()->get('SilverStripe\\Control\\Session', 'cookie_path') ?: Director::baseURL(); $domain = Config::inst()->get('SilverStripe\\Control\\Session', 'cookie_domain'); $secure = Config::inst()->get('SilverStripe\\Control\\Session', 'cookie_secure'); Cookie::force_expiry(session_name(), $path, $domain, $secure, true); } session_destroy(); // Clean up the superglobal - session_destroy does not do it. // http://nz1.php.net/manual/en/function.session-destroy.php unset($_SESSION); $this->data = array(); } }
/** * Check we can remove cookies and we can access their original values */ public function testForceExpiry() { //load an existing cookie $cookieJar = new CookieJar(array('cookieExisting' => 'i woz here')); Injector::inst()->registerService($cookieJar, 'SilverStripe\\Control\\Cookie_Backend'); //make sure it's available $this->assertEquals('i woz here', Cookie::get('cookieExisting')); //remove the cookie Cookie::force_expiry('cookieExisting'); //check it's gone $this->assertEmpty(Cookie::get('cookieExisting')); //check we can get it's original value $this->assertEquals('i woz here', Cookie::get('cookieExisting', false)); //check we can add a new cookie and remove it and it doesn't leave any phantom values Cookie::set('newCookie', 'i am new'); //check it's set by not recieved $this->assertEquals('i am new', Cookie::get('newCookie')); $this->assertEmpty(Cookie::get('newCookie', false)); //remove it Cookie::force_expiry('newCookie'); //check it's neither set nor reveived $this->assertEmpty(Cookie::get('newCookie')); $this->assertEmpty(Cookie::get('newCookie', false)); }
/** * Choose the stage the site is currently on. * * If $_GET['stage'] is set, then it will use that stage, and store it in * the session. * * if $_GET['archiveDate'] is set, it will use that date, and store it in * the session. * * If neither of these are set, it checks the session, otherwise the stage * is set to 'Live'. */ public static function choose_site_stage() { // Check any pre-existing session mode $preexistingMode = Session::get('readingMode'); // Determine the reading mode if (isset($_GET['stage'])) { $stage = ucfirst(strtolower($_GET['stage'])); if (!in_array($stage, array(static::DRAFT, static::LIVE))) { $stage = static::LIVE; } $mode = 'Stage.' . $stage; } elseif (isset($_GET['archiveDate']) && strtotime($_GET['archiveDate'])) { $mode = 'Archive.' . $_GET['archiveDate']; } elseif ($preexistingMode) { $mode = $preexistingMode; } else { $mode = static::DEFAULT_MODE; } // Save reading mode Versioned::set_reading_mode($mode); // Try not to store the mode in the session if not needed if ($preexistingMode && $preexistingMode !== $mode || !$preexistingMode && $mode !== static::DEFAULT_MODE) { Session::set('readingMode', $mode); } if (!headers_sent() && !Director::is_cli()) { if (Versioned::get_stage() == 'Live') { // clear the cookie if it's set if (Cookie::get('bypassStaticCache')) { Cookie::force_expiry('bypassStaticCache', null, null, false, true); } } else { // set the cookie if it's cleared if (!Cookie::get('bypassStaticCache')) { Cookie::set('bypassStaticCache', '1', 0, null, null, false, true); } } } }
/** * Set an alternative database in a browser cookie, * with the cookie lifetime set to the browser session. * This is useful for integration testing on temporary databases. * * There is a strict naming convention for temporary databases to avoid abuse: * <prefix> (default: 'ss_') + tmpdb + <7 digits> * As an additional security measure, temporary databases will * be ignored in "live" mode. * * Note that the database will be set on the next request. * Set it to null to revert to the main database. * @param string $name */ public static function set_alternative_database_name($name = null) { // Skip if CLI if (Director::is_cli()) { return; } if ($name) { if (!self::valid_alternative_database_name($name)) { throw new InvalidArgumentException(sprintf('Invalid alternative database name: "%s"', $name)); } $key = Config::inst()->get('SilverStripe\\Security\\Security', 'token'); if (!$key) { throw new LogicException('"Security.token" not found, run "sake dev/generatesecuretoken"'); } if (!function_exists('mcrypt_encrypt')) { throw new LogicException('DB::set_alternative_database_name() requires the mcrypt PHP extension'); } $key = md5($key); // Ensure key is correct length for chosen cypher $ivSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CFB); $iv = mcrypt_create_iv($ivSize); $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $name, MCRYPT_MODE_CFB, $iv); // Set to browser session lifetime, and restricted to HTTP access only Cookie::set("alternativeDatabaseName", base64_encode($encrypted), 0, null, null, false, true); Cookie::set("alternativeDatabaseNameIv", base64_encode($iv), 0, null, null, false, true); } else { Cookie::force_expiry("alternativeDatabaseName", null, null, false, true); Cookie::force_expiry("alternativeDatabaseNameIv", null, null, false, true); } }