Update Authentication.php

I've added a SSL proxy check. If a SSL proxy is used, domain and path of cookie have to be set differently.
fossar · Jun 1, 2013 · 9ac92c1 · arbk · Sep 18, 2013 · 9ac92c1
1 parent e7a5a79
commit 9ac92c1
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/helpers/Authentication.php b/helpers/Authentication.php
@@ -30,8 +30,16 @@ class Authentication {
      * start session and check login
      */
     public function __construct() {
+
+        // check for SSL proxy and special cookie options
+    	if(isset($_SERVER['HTTP_X_FORWARDED_SERVER'])) {
+  			// set cookie details (http://php.net/manual/en/function.setcookie.php)
+  			// expire, path, domain, secure, httponly
+        	session_set_cookie_params((3600*24*30), '/'.$_SERVER['SERVER_NAME'].preg_replace('/\/[^\/]+$/','',$_SERVER['PHP_SELF']).'/', $_SERVER['HTTP_X_FORWARDED_SERVER'], "true", "true");
+  		} else {
         // session cookie will be valid for one month
         session_set_cookie_params((3600*24*30), "/");
+        }
 
         session_name();
         if(session_id()=="")
@@ -117,4 +125,4 @@ public function logout() {
         $_SESSION['loggedin'] = false;
         session_destroy();
     }
-}
+}