File modules/cms/action/login/LoginLogoutAction.class.php

Last commit: Fri Apr 15 14:51:22 2022 +0200	dankert	Refactoring: User,Config and Database info is now stored in the Request, because so there is no session required for clients which are using Basic Authorization.
<?php
namespace cms\action\login;
use cms\action\Action;
use cms\action\LoginAction;
use cms\action\Method;
use cms\base\Configuration;
use language\Messages;
use util\Cookie;
use util\Request;
use util\Session;


class LoginLogoutAction extends LoginAction implements Method {
	public function view() {
		// There is no view for this action.
	}
	public function post() {
		// Renew the session on logout if 'renew_session_logout' is enabled in the security configuration
		if ( Configuration::subset('security')->is('renew_session_logout',false) )
			$this->recreateSession();

		// Reading the login token cookie (format "selector.token");
		// array_pad() fills missing parts with empty strings
		list( $selector,$token ) = array_pad( explode('.',Cookie::get(Action::COOKIE_TOKEN)),2,'');

		// Logout forces the removal of the login token for this device
		if ( $selector )
			$this->currentUser->deleteLoginToken( $selector );

		// Delete the cookie holding the login token.
		$this->setCookie(Action::COOKIE_TOKEN );

		// Remove the user from the current request
		Request::setUser(null);

		$this->addNoticeFor( $this->currentUser, Messages::LOGOUT_OK );
	}
}
History

Fri, 15 Apr 2022 14:51:22 +0200	dankert	Refactoring: User,Config and Database info is now stored in the Request, because so there is no session required for clients which are using Basic Authorization.
Thu, 19 Nov 2020 00:45:44 +0100	Jan Dankert	Security fix: We must update the login token on every login; Administrators are able to see the login tokens of users.
Wed, 18 Nov 2020 20:42:57 +0100	Jan Dankert	Getting/Setting cookies with constants, this is more safe.
Tue, 17 Nov 2020 23:51:00 +0100	Jan Dankert	Refactoring: Every Actionmethod has now its own class.