Commit 264cc512 authored by Taylor Otwell's avatar Taylor Otwell

fixed bug in auth cookie removal.

parent 2733e5ce
# Laravel Change Log
## Version 2.1.0
- Fix: Authentication cookies are not deleted properly when custom domains or paths are used.
### Upgrading from 2.0.9
- Replace **laravel** directory.
## Version 2.0.9
- Minor: Made "timestamps" method in Eloquent model protected instead of private.
......
......@@ -206,9 +206,16 @@ class Auth {
static::$user = null;
Cookie::forget(Auth::user_key);
$config = Config::get('session');
extract($config, EXTR_SKIP);
// When forgetting the cookie, we need to also pass in the path and
// domain that would have been used when the cookie was originally
// set by the framework, otherwise it will not be deleted.
Cookie::forget(Auth::user_key, $path, $domain, $secure);
Cookie::forget(Auth::remember_key);
Cookie::forget(Auth::remember_key, $path, $domain, $secure);
IoC::core('session')->forget(Auth::user_key);
}
......
......@@ -128,11 +128,15 @@ class Cookie {
* Delete a cookie.
*
* @param string $name
* @param string $path
* @param string $domain
* @param bool $secure
* @param bool $http_only
* @return bool
*/
public static function forget($name)
public static function forget($name, $path = '/', $domain = null, $secure = false, $http_only = false)
{
return static::put($name, null, -2000);
return static::put($name, null, -2000, $path, $domain, $secure, $http_only);
}
}
\ No newline at end of file
......@@ -3,7 +3,7 @@
* Laravel - A PHP Framework For Web Artisans
*
* @package Laravel
* @version 2.0.9
* @version 2.1.0
* @author Taylor Otwell <taylorotwell@gmail.com>
* @link http://laravel.com
*/
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment