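/**
 * Logs the visitor out: revokes the persistent-login token referenced by the
 * `frmauth` cookie, expires every cookie the browser sent, and destroys the
 * PHP session.
 *
 * The `frmauth` cookie is client-controlled, so it is only parsed when it is
 * a string with at least three `_`-separated fields; a malformed value is
 * still expired, it just does not reach the token lookup.
 *
 * @return bool Result of session_destroy().
 */
public function destroy()
{
    foreach ($_COOKIE as $key => $value) {
        // Strict comparison: cookie names that look like integers become int
        // array keys, and on PHP < 8 the loose test `0 == 'frmauth'` is true,
        // which would send an unrelated cookie down the token path.
        if ($key === 'frmauth' && is_string($value)) {
            $parts = explode('_', $value);

            // Only look the token up when all three fields are present;
            // otherwise undefined offsets would be passed to the lookup.
            // presumably the fields are user id, series id, token value — confirm against UserToken
            if (count($parts) >= 3) {
                $token = UserToken::getUserToken($parts[0], $parts[1], $parts[2]);
                if ($token) {
                    // Revoke server-side so a copied cookie stops working after logout.
                    $token->delete();
                }
            }
        }

        // Expire the cookie for both the dotted and the bare host name, since
        // it may have been set with either domain form.
        $name = (string) $key;
        $expiry = time() - 10000;
        setcookie($name, '', $expiry, '/', '.' . $_SERVER['SERVER_NAME']);
        setcookie($name, '', $expiry, '/', $_SERVER['SERVER_NAME']);
    }

    return session_destroy();
}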
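/**
 * Restores a login from the persistent `frmauth` cookie when the current
 * session belongs to a guest.
 *
 * A cookie whose three fields match a stored token logs the user in, and the
 * token is then deleted and re-issued (single use). If the full match fails
 * but the first two fields still identify a stored token, the cookie is
 * treated as stolen: the tokens for that pair are deleted, the session is
 * destroyed and the request is terminated.
 *
 * The cookie is client-controlled, so a value that is not a string or has
 * fewer than three `_`-separated fields is ignored.
 *
 * @return void
 */
public function checkCookieToken()
{
    $context = Context::getInstance();

    // Nothing to do without the cookie, or when a user is already signed in.
    if (!isset($_COOKIE['frmauth']) || $context->session->userID != User::GUEST) {
        return;
    }

    // `frmauth[]=x` arrives as an array; explode() must only see a string.
    if (!is_string($_COOKIE['frmauth'])) {
        return;
    }

    $val = explode('_', $_COOKIE['frmauth']);

    // Reject truncated cookies before any offset is read.
    // presumably the fields are user id, series id, token value — confirm against UserToken
    if (count($val) < 3) {
        return;
    }

    $token = UserToken::getUserToken($val[0], $val[1], $val[2]);

    if ($token) {
        $context->session->userID = (int) $val[0];
        $context->user = User::getUserById($val[0]);

        // Single-use token: delete the presented one and issue a replacement
        // for the same second field.
        $token->delete();
        UserToken::setCookieToken($context->user, $val[1]);

        // NOTE(review): the session changes privilege here without a visible
        // session-id rotation; confirm that one happens elsewhere. Also
        // confirm how getUserToken() compares and stores the token value
        // (hashed at rest, constant-time comparison).
        return;
    }

    // Full match failed but the first two fields are known: an already-used
    // token was replayed, which the original author flags as possible theft.
    $token = UserToken::getByUidAndSid($val[0], $val[1]);
    if ($token) {
        UserToken::deleteByUidAndSid($val[0], $val[1]);
        $context->session->destroy();
        echo 'cookie hijacked';
        exit;
    }
}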